Page 2 of 24 results (0.027 seconds)

CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0

Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. • https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89 https://security.gentoo.org/glsa/202312-15 https://access.redhat.com/security/cve/CVE-2022-23521 https://bugzilla.redhat.com/show_bug.cgi?id=2162055 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0

Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). • https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq https://security.gentoo.org/glsa/202312-15 https://access.redhat.com/security/cve/CVE-2022-41903 https://bugzilla.redhat.com/show_bug.cgi?id=2162056 • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. • https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f https://github.com/git-for-windows/git/pull/4219 https://github.com/git-for-windows/git/security/advisories/GHSA-v4px-mx59-w99c https://www.tcl.tk/man/tcl8.6/TclCmd/exec.html#M23 • CWE-426: Untrusted Search Path •

CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. • http://seclists.org/fulldisclosure/2022/Nov/1 http://www.openwall.com/lists/oss-security/2023/02/14/5 http://www.openwall.com/lists/oss-security/2024/05/14/2 https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85 https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. • http://seclists.org/fulldisclosure/2022/Nov/1 https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6 https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4K • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •