2 matches found
CVE-2022-23521
CVE-2022-23521 affects Git. The issue arises from parsing gitattributes, where very large path patterns or attribute names can trigger integer overflows, leading to arbitrary heap reads/writes and potentially remote code execution. Git’s handling of long lines (>2KB) in gitattributes (from fil...
CVE-2022-41903
CVE-2022-41903 describes a heap-write overflow in Git during commit formatting when processing padding operators in pretty.c (format_and_pad_commit), where a size_t is mishandled as an int and added to memcpy() offsets. This can be triggered by commands using --format (e.g., git log) or indirectl...