CVE-2022-24767
published 2022-04-12CVE-2022-24767: GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| git_for_windows_project | git_for_windows | < 2.35.2 | 2.35.2 |
| microsoft | microsoft_visual_studio_2017_version_15.9 | — | — |
| microsoft | microsoft_visual_studio_2019_version_16.11 | — | — |
| microsoft | microsoft_visual_studio_2019_version_16.7 | — | — |
| microsoft | microsoft_visual_studio_2019_version_16.9 | — | — |
| microsoft | microsoft_visual_studio_2022_version_17.0 | — | — |
| microsoft | microsoft_visual_studio_2022_version_17.1 | — | — |
| microsoft | visual_studio_2017 | >= 15.0 < 15.9.46 | 15.9.46 |
| microsoft | visual_studio_2019 | >= 16.0 < 16.7.27 | 16.7.27 |
| microsoft | visual_studio_2019 | >= 16.10 < 16.11.12 | 16.11.12 |
| microsoft | visual_studio_2019 | >= 16.8 < 16.9.19 | 16.9.19 |
| microsoft | visual_studio_2022 | >= 17.0 < 17.0.8 | 17.0.8 |
| microsoft | visual_studio_2022 | >= 17.1.0 < 17.1.4 | 17.1.4 |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.7 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.9 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.0 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.1 | — | — |