CVE-2022-41903
Published 2023-01-17
Priority P274, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 44.27% (98.6th percentile)
Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through `git archive` via the `export-subst` mechanism, which expands format specifiers inside of files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose `git archive` via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
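The narrowing described above, as an added illustration (not Git's source and not taken from the patch): `survives_int` shows how a `size_t` changes when it is stored in an `int`, and `pad_left` is a hypothetical padding helper that keeps every length as `size_t` and bounds-checks before `memcpy()`. All function names and sample values are assumptions made for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern (illustrative, not Git's code): a size_t length stored in
 * an int. Above INT_MAX the value changes, typically to a negative number,
 * so "dst + off" no longer points where the length said it would. */
static int narrowed(size_t len)
{
    return (int)len;
}

/* Returns 1 if len comes back unchanged after the trip through int. */
static int survives_int(size_t len)
{
    int off = narrowed(len);
    return off >= 0 && (size_t)off == len;
}

/* Hardened padding helper (hypothetical): right-aligns text in `width`
 * columns. Lengths stay size_t and are checked against the destination
 * capacity before memcpy(). Returns bytes written, or -1 if it will not fit. */
static long pad_left(char *dst, size_t cap, const char *text,
                     size_t text_len, size_t width)
{
    size_t total = text_len > width ? text_len : width;
    size_t off = total - text_len;   /* total >= text_len, no underflow */

    if (total >= cap || total > (size_t)LONG_MAX)  /* keep room for NUL */
        return -1;
    memset(dst, ' ', off);
    memcpy(dst + off, text, text_len);
    dst[total] = '\0';
    return (long)total;
}

int main(void)
{
    char buf[16];
    size_t big = (size_t)INT_MAX + 1;   /* constructed sample length */

    printf("42 survives int: %d\n", survives_int(42));
    printf("INT_MAX+1 survives int: %d (narrowed to %d)\n",
           survives_int(big), narrowed(big));
    if (pad_left(buf, sizeof buf, "abc", 3, 8) >= 0)
        printf("[%s]\n", buf);
    printf("oversized width: %ld\n", pad_left(buf, sizeof buf, "abc", 3, 64));
    return 0;
}
```

The check that matters is made on the `size_t` values before any pointer arithmetic; validating after the value has already been narrowed comes too late.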
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | git | < git 1:2.39.1-0.1 (bookworm) | git 1:2.39.1-0.1 (bookworm) |
| git-scm | git | <= 2.30.6 | — |
| git-scm | git | 2.31.0 – 2.31.5 | — |
| git-scm | git | 2.32.0 – 2.32.4 | — |
| git-scm | git | 2.33.0 – 2.33.5 | — |
| git-scm | git | 2.34.0 – 2.34.5 | — |
| git-scm | git | 2.35.0 – 2.35.5 | — |
| git-scm | git | 2.36.0 – 2.36.3 | — |
| git-scm | git | 2.37.0 – 2.37.4 | — |
| git-scm | git | 2.38.0 – 2.38.2 | — |
| git | git | < 2.30.7 | 2.30.7 |
| git | git | >= 0 < 1:2.30.2-1+deb11u1 | 1:2.30.2-1+deb11u1 |
| git | git | >= 0 < 1:2.39.1-0.1 | 1:2.39.1-0.1 |
Detection & IOCs
- The vulnerability can be triggered via `git log` with a crafted `--format` specifier, exploiting an integer overflow in `pretty.c::format_and_pad_commit()` during padding operator processing.
- The vulnerability can also be triggered indirectly via `git archive` using the `export-subst` gitattribute mechanism, which expands format specifiers inside repository files during archiving.
- In Jenkins CI environments, an attacker with commit access to a Git repository cloned on a Jenkins controller or agent could exploit this to achieve remote code execution.
- Disable `git archive` in untrusted repositories to mitigate indirect exploitation via the `export-subst` mechanism.
- If `git archive` is exposed via `git daemon`, disable it globally with `git config --global daemon.uploadArch false` to prevent remote exploitation.
- Debian-based Jenkins Docker images (controller and agent) require Git >= 2.30.2-1+deb11u1 to be safe; verify with `dpkg -l git` inside the container.
- AlmaLinux-based and Red Hat-based (UBI/CentOS) Jenkins controller images require Git >= 2.31.1-3 to be safe; verify with `rpm -qa git-core` or `rpm -qa git` inside the container.
CVSS provenance
- nvd (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv: 9.8 CRITICAL
- vendor_debian: 9.8 CRITICAL
- vendor_msrc: 9.8 CRITICAL
- vendor_redhat: 9.8 CRITICAL
- vendor_ubuntu: 9.8 CRITICAL
OSV
git vulnerabilities
osv·2023-03-01·CVSS 9.8
CVE-2022-23521 [CRITICAL] git vulnerabilities
USN-5810-1 fixed several vulnerabilities in Git. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
OSV
git vulnerabilities
osv·2023-02-07·CVSS 9.8
CVE-2022-23521 [CRITICAL] git vulnerabilities
USN-5810-1 fixed several vulnerabilities in Git. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
OSV
git regression
osv·2023-01-19·CVSS 9.8
CVE-2022-23521 [CRITICAL] git regression
USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it
was missing some commit lines. This update fixes the problem.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
OSV
git vulnerabilities
osv·2023-01-17·CVSS 9.8
CVE-2022-23521 [CRITICAL] git vulnerabilities
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
OSV
CVE-2022-41903: Git is distributed revision control system
osv·2023-01-17·CVSS 9.8
CVE-2022-41903 [CRITICAL] CVE-2022-41903: Git is distributed revision control system
CISA ICS
ABB M2M Gateway
cisa_ics·2025-04-15
ICS Advisory
Release Date: April 15, 2025
Alert Code: ICSA-25-105-08
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: ABB
- Equipment: M2M Gateway
- Vulnerabilities: Integer Overflow or Wraparound, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Release of Memory after Effective Lifetime, Allocation of Resources Without Limits or Throttling, Improper Privilege Management, Improper Limitati
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics·2024-02-15
ICS Advisory
Release Date: February 15, 2024
Alert Code: ICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Ubuntu
Git vulnerabilities
vendor_ubuntu·2023-03-01·CVSS 9.8
CVE-2022-23521 [CRITICAL] Git vulnerabilities
Title: Git vulnerabilities
Summary: Several security issues were fixed in Git.
USN-5810-1 fixed several vulnerabilities in Git. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
Instructions: In general, a standard system update will make all the necessary changes.
Jenkins
Jenkins Security Advisory 2023-02-09
vendor_jenkins·2023-02-09·CVSS 9.8
CVE-2022-23521 [CRITICAL] Jenkins Security Advisory 2023-02-09
Title: Jenkins Security Advisory 2023-02-09
This advisory announces vulnerabilities in the following Jenkins deliverables:
Jenkins Docker images
Descriptions
Git releases with critical vulnerabilities on Jenkins Docker images
SECURITY-3039 / CVE-2022-23521 and CVE-2022-41903
Severity (CVSS): Critical
Ubuntu
Git vulnerabilities
vendor_ubuntu·2023-02-07·CVSS 9.8
CVE-2022-23521 [CRITICAL] Git vulnerabilities
Title: Git vulnerabilities
Summary: Several security issues were fixed in Git.
USN-5810-1 fixed several vulnerabilities in Git. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Git regression
vendor_ubuntu·2023-01-19·CVSS 9.8
CVE-2022-23521 [CRITICAL] Git regression
Title: Git regression
Summary: USN-5810-1 introduced a regression in Git.
USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it
was missing some commit lines. This update fixes the problem.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Git vulnerabilities
vendor_ubuntu·2023-01-17·CVSS 9.8
CVE-2022-41903 [CRITICAL] Git vulnerabilities
Title: Git vulnerabilities
Summary: Several security issues were fixed in Git.
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
git: Heap overflow in `git archive`, `git log --format` leading to RCE
vendor_redhat·2023-01-17·CVSS 9.8
CVE-2022-41903 [CRITICAL] CWE-190 git: Heap overflow in `git archive`, `git log --format` leading to RCE
git: Heap overflow in `git archive`, `git log --format` leading to RCE
Microsoft
Integer overflow in `git archive` `git log --format` leading to RCE in git
vendor_msrc·2023-01-10·CVSS 9.8
CVE-2022-41903 [CRITICAL] CWE-190 Integer overflow in `git archive` `git log --format` leading to RCE in git
Integer overflow in `git archive` `git log --format` leading to RCE in git
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Debian
CVE-2022-41903: git - Git is distributed revision control system. `git log` can display commits in an ...
vendor_debian·2022·CVSS 9.8
CVE-2022-41903 [CRITICAL] CVE-2022-41903: git - Git is distributed revision control system. `git log` can display commits in an ...
No detection rules found.
No public exploits indexed.
- https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst
- https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem
- https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
- https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
- https://security.gentoo.org/glsa/202312-15