CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low
Percentile: 69.2%

Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through `git archive` via the `export-subst` mechanism, which expands format specifiers inside of files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose `git archive` via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.

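A simplified model of the bug class described above, added here as an illustration and not taken from git's source: a `size_t` length narrowed to `int` yields an out-of-range copy offset, shown beside a bounds-checked form. The function names, the field width and the choice to reject oversized text are assumptions of this example.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Weak pattern: a size_t length kept in an int. For values above INT_MAX the
 * conversion is implementation-defined; GCC and Clang wrap it, typically to a
 * negative number. */
int narrow_len(size_t len)
{
    return (int)len;
}

/* Offset a right-aligning pad routine would derive from the narrowed length.
 * Nothing is copied here; the function only reports the offset so the effect
 * of the wrap can be inspected. long long avoids signed overflow in the demo. */
long long offset_from_narrowed(int width, size_t len)
{
    return (long long)width - narrow_len(len);
}

/* Hardened form: all arithmetic stays in size_t and every bound is checked
 * before any byte is written. Returns 0 on success, -1 if the text does not
 * fit (rejecting oversized text is this example's choice). */
int pad_right_align(char *dst, size_t cap, size_t width,
                    const char *src, size_t len)
{
    if (width > cap || len > width)
        return -1;
    memset(dst, ' ', width - len);
    memcpy(dst + (width - len), src, len);
    return 0;
}

int main(void)
{
    char field[8];
    size_t huge = (size_t)INT_MAX + 1; /* constructed length, never allocated */

    if (offset_from_narrowed(6, huge) <= 6)
        return 1; /* on this compiler the narrowing did not wrap as described */
    if (pad_right_align(field, sizeof field, 6, "ab", huge) != -1)
        return 1;
    return pad_right_align(field, sizeof field, 6, "ab", 2);
}
```
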
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | git | < 1:2.17.1-1ubuntu0.15 | UNKNOWN |
ubuntu | 20.04 | noarch | git | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
ubuntu | 22.04 | noarch | git | < 1:2.34.1-1ubuntu1.6 | UNKNOWN |
ubuntu | 22.10 | noarch | git | < 1:2.37.2-1ubuntu1.2 | UNKNOWN |
ubuntu | 23.04 | noarch | git | < 1:2.39.1-0.1ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | git | < 1:1.9.1-1ubuntu0.10+esm1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | git | < 1:2.7.4-0ubuntu1.10+esm4 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
launchpad.net/bugs/cve/CVE-2022-41903
nvd.nist.gov/vuln/detail/CVE-2022-41903
security-tracker.debian.org/tracker/CVE-2022-41903
ubuntu.com/security/notices/USN-5810-1
ubuntu.com/security/notices/USN-5810-2
ubuntu.com/security/notices/USN-5810-3
ubuntu.com/security/notices/USN-5810-4
www.cve.org/CVERecord?id=CVE-2022-41903