CVE-2023-22743

Git for Windows' installer is susceptible to DLL side loading attacks

Severity Score

7.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-01-06 CVE Reserved
2023-02-14 CVE Published
2023-03-08 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-426: Untrusted Search Path

CAPEC

References (6)

URL	Tag	Source
https://attack.mitre.org/techniques/T1574/002	Technical Description
https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1	Release Notes

URL	Date	SRC

URL	Date	SRC
https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions	2023-08-02
https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-	2023-08-02

URL	Date	SRC
https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3	2023-08-02
https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq	2023-08-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Git For Windows Project Search vendor "Git For Windows Project"		Git For Windows Search vendor "Git For Windows Project" for product "Git For Windows"				< 2.39.2 Search vendor "Git For Windows Project" for product "Git For Windows" and version " < 2.39.2"		-		Affected