CVE-2024-32004

2024-05-1400:00:00

ubuntu.com

git security vulnerability

code execution

local repository

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local
repository in such a way that, when cloned, will execute arbitrary code
during the operation. The problem has been patched in versions 2.45.1,
2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid
cloning repositories from untrusted sources.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071160>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchgit< anyUNKNOWN
ubuntu20.04noarchgit< 1:2.25.1-1ubuntu3.12UNKNOWN
ubuntu22.04noarchgit< 1:2.34.1-1ubuntu1.11UNKNOWN
ubuntu23.10noarchgit< 1:2.40.1-1ubuntu1.1UNKNOWN
ubuntu24.04noarchgit< 1:2.43.0-1ubuntu7.1UNKNOWN
ubuntu16.04noarchgit< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	git	< any	UNKNOWN
ubuntu	20.04	noarch	git	< 1:2.25.1-1ubuntu3.12	UNKNOWN
ubuntu	22.04	noarch	git	< 1:2.34.1-1ubuntu1.11	UNKNOWN
ubuntu	23.10	noarch	git	< 1:2.40.1-1ubuntu1.1	UNKNOWN
ubuntu	24.04	noarch	git	< 1:2.43.0-1ubuntu7.1	UNKNOWN
ubuntu	16.04	noarch	git	< any	UNKNOWN