CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-41903 – Integer overflow in `git archive`, `git log --format` leading to RCE in git
https://notcve.org/view.php?id=CVE-2022-41903
When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). ... This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. ... This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. ... This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution. • https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq https://security.gentoo.org/glsa/202312-15 https://access.redhat.com/security/cve/CVE-2022-41903 https://bugzilla.redhat.com/show_bug.cgi?id=2162056 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1812 – Integer Overflow or Wraparound in publify/publify
https://notcve.org/view.php?id=CVE-2022-1812
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. Desbordamiento de enteros o Wraparound en el repositorio de GitHub publify/publify antes de 9.2.10. • https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a https://huntr.dev/bounties/17d86a50-265c-4ec8-9592-0bd909ddc8f3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-23559
https://notcve.org/view.php?id=CVE-2023-23559
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com https://security.netapp.com/advisory/ntap-20230302-0003 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40983
https://notcve.org/view.php?id=CVE-2022-40983
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 208EXPL: 0CVE-2021-26346
https://notcve.org/view.php?id=CVE-2021-26346
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 • CWE-190: Integer Overflow or Wraparound •