CVE-2018-1000021 — Improper Input Validation in GIT

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 40.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Git-scm GIT

Timeline

PublishedFeb 9

Latest updateMay 14

Description

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages1 packages

▶NVDgit-scm/git2.15.1

🔴Vulnerability Details

GHSA

GHSA-vpq8-fvqp-vj6h: GIT version 2↗2022-05-14

▶

OSV

CVE-2018-1000021: GIT version 2↗2018-02-09

▶

CVEList

CVE-2018-1000021: GIT version 2↗2018-02-09

▶

📋Vendor Advisories

Red Hat

git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands↗2018-01-06

▶

Debian

CVE-2018-1000021: git - GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability i...↗2018

▶

💬Community

Bugzilla

CVE-2018-1000021 git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands↗2018-02-05

▶

Bugzilla

CVE-2018-1000021 git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands [fedora-all]↗2018-02-05

▶