In Git for Windows, the Windows port of Git, no localized messages are
shipped with the installer. As a consequence, Git is expected not to
localize messages at all, and skips the gettext initialization. However,
due to a change in MINGW-packages, the gettext()
function’s implicit
initialization no longer uses the runtime prefix but uses the hard-coded
path C:\mingw64\share\locale
to look for localized messages. And since
any authenticated user has the permission to create folders in C:\
(and
since C:\mingw64
does not typically exist), it is possible for
low-privilege users to place fake messages in that location where git.exe
will pick them up in version 2.40.1. This vulnerability is relatively hard
to exploit and requires social engineering. For example, a legitimate
message at the end of a clone could be maliciously modified to ask the user
to direct their web browser to a malicious website, and the user might
think that the message comes from Git and is legitimate. It does require
local write access by the attacker, though, which makes this attack vector
less likely. Version 2.40.1 contains a patch for this issue. Some
workarounds are available. Do not work on a Windows machine with shared
accounts, or alternatively create a C:\mingw64
folder and leave it empty.
Users who have administrative rights may remove the permission to create
folders in C:\
.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | git | <Â 1:2.17.1-1ubuntu0.18 | UNKNOWN |
ubuntu | 20.04 | noarch | git | <Â 1:2.25.1-1ubuntu3.11 | UNKNOWN |
ubuntu | 22.04 | noarch | git | <Â 1:2.34.1-1ubuntu1.9 | UNKNOWN |
ubuntu | 22.10 | noarch | git | <Â 1:2.37.2-1ubuntu1.5 | UNKNOWN |
ubuntu | 23.04 | noarch | git | <Â 1:2.39.2-1ubuntu1.1 | UNKNOWN |
ubuntu | 23.10 | noarch | git | <Â 1:2.39.2-1ubuntu1.1 | UNKNOWN |
ubuntu | 24.04 | noarch | git | <Â 1:2.39.2-1ubuntu1.1 | UNKNOWN |
ubuntu | 16.04 | noarch | git | <Â any | UNKNOWN |