CVE-2022-41903

EPSS 18.29%
Published 17.01.2023 23:15:15
Last modified 21.11.2024 07:24:01
Source security-advisories@github.com
Teams watchlist Login
Open Login

Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Git-scm ≫ Git Version <= 2.30.6

Git-scm ≫ Git Version >= 2.31.0 <= 2.31.5

Git-scm ≫ Git Version >= 2.32.0 <= 2.32.4

Git-scm ≫ Git Version >= 2.33.0 <= 2.33.5

Git-scm ≫ Git Version >= 2.34.0 <= 2.34.5

Git-scm ≫ Git Version >= 2.35.0 <= 2.35.5

Git-scm ≫ Git Version >= 2.36.0 <= 2.36.3

Git-scm ≫ Git Version >= 2.37.0 <= 2.37.4

Git-scm ≫ Git Version >= 2.38.0 <= 2.38.2

Git-scm ≫ Git Version2.39.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.29%	0.949

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://security.gentoo.org/glsa/202312-15

https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76

Patch

Third Party Advisory

Release Notes

https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst

Vendor Advisory

https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem

Vendor Advisory

https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41903

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41903

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41903

EUVD