CVE-2010-2542
published 2010-08-11CVE-2010-2542: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.51%
82.8th percentile
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| git-scm | git | < 1.7.2.1 | 1.7.2.1 |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
CVE-2010-2542: NIST NVD Details: https://nvd
vendor_msrc·2020-09-08·CVSS 7.5
CVE-2010-2542 [HIGH] CVE-2010-2542: NIST NVD Details: https://nvd
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2010-2542
Mariner: Mariner
[email protected]: [email protected]
Exploit Status: DOS:N/A
Remediation: git
Red Hat
Git: Arbitrary code execution via specially-crafted .git file
vendor_redhat·2010-07-20·CVSS 7.5
CVE-2010-2542 [HIGH] Git: Arbitrary code execution via specially-crafted .git file
Git: Arbitrary code execution via specially-crafted .git file
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
Package: git (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-q648-58gx-r823: Stack-based buffer overflow in the is_git_directory function in setup
ghsa_unreviewed·2022-05-13
CVE-2010-2542 [HIGH] CWE-787 GHSA-q648-58gx-r823: Stack-based buffer overflow in the is_git_directory function in setup
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2542 Git: Arbitrary code execution via specially-crafted .git file [fedora-all]
bugzilla·2010-09-27·CVSS 7.5
CVE-2010-2542 [HIGH] CVE-2010-2542 Git: Arbitrary code execution via specially-crafted .git file [fedora-all]
CVE-2010-2542 Git: Arbitrary code execution via specially-crafted .git file [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=618108
Please note: this issue af
Bugzilla
CVE-2010-2542 Git: Arbitrary code execution via specially-crafted .git file
bugzilla·2010-07-26·CVSS 7.5
CVE-2010-2542 [HIGH] CVE-2010-2542 Git: Arbitrary code execution via specially-crafted .git file
CVE-2010-2542 Git: Arbitrary code execution via specially-crafted .git file
A buffer overrun was found in the way Git sanitized path of a git directory.
If a local attacker would create a specially-crafted working copy and trick
the local user into running any git command, it could lead to arbitrary
code execution with the privileges of the user running the Git command.
References:
[1] http://seclists.org/oss-sec/2010/q3/93
[2] https://bugzilla.redhat.com/show_bug.cgi?id=617422
Upstream patches:
[3] http://git.kernel.org/?p=git/git.git;a=commitdiff;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc;hp=c173dad58787a7f11a526dbcdaa5a2fe9ff1c87f
[4] http://git.kernel.org/?p=git/git.git;a=commitdiff;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20;hp=2a5fe2545882721d6841bad11dae0f15b454bf0d
Discussion:
http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccchttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.htmlhttp://secunia.com/advisories/43457http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txthttp://www.openwall.com/lists/oss-security/2010/07/22/1http://www.openwall.com/lists/oss-security/2010/07/22/4http://www.securityfocus.com/bid/41891http://www.vupen.com/english/advisories/2011/0464https://bugzilla.redhat.com/show_bug.cgi?id=618108http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccchttp://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.htmlhttp://secunia.com/advisories/43457http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txthttp://www.openwall.com/lists/oss-security/2010/07/22/1http://www.openwall.com/lists/oss-security/2010/07/22/4http://www.securityfocus.com/bid/41891http://www.vupen.com/english/advisories/2011/0464https://bugzilla.redhat.com/show_bug.cgi?id=618108
2010-08-11
Published