CVE-2022-41903

CWE-190 — Integer Overflow14 documents8 sources

Severity

9.8CRITICAL

EPSS

22.4%

top 4.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT GIT Git-scm GIT

Timeline

PublishedJan 17

Latest updateMar 1

Description

Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invok…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5git/git< 2.30.7+9

▶Debiangit< 1:2.30.2-1+deb11u1+3

▶Ubuntugit< 1:2.17.1-1ubuntu0.14+2

▶NVDgit-scm/git2.31.0 — 2.31.5+9

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

git vulnerabilities↗2023-03-01

▶

OSV

git vulnerabilities↗2023-02-07

▶

OSV

git regression↗2023-01-19

▶

CVEList

Integer overflow in `git archive`, `git log --format` leading to RCE in git↗2023-01-17

▶

OSV

git vulnerabilities↗2023-01-17

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2023-03-01

▶

Jenkins

Jenkins Security Advisory 2023-02-09↗2023-02-09

▶

Ubuntu

Git vulnerabilities↗2023-02-07

▶

Ubuntu

Git vulnerabilities↗2023-01-17

▶

Red Hat

git: Heap overflow in `git archive`, `git log --format` leading to RCE↗2023-01-17

▶