Debian Git vulnerabilities

CVE-2025-48384 [HIGH] CVE-2025-48384: git - Git is a fast, scalable, distributed revision control system with an unusually r... Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config i

CVE-2025-48385 [HIGH] CVE-2025-48385: git - Git is a fast, scalable, distributed revision control system with an unusually r... Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform suffic

CVE-2025-46835 [HIGH] CVE-2025-46835: git - Git GUI allows you to use the Git source control management tools via a GUI. Whe... Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2

CVE-2025-48386 [MEDIUM] CVE-2025-48386: git - Git is a fast, scalable, distributed revision control system with an unusually r... Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space r

CVE-2025-27613 [LOW] CVE-2025-27613: git - Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clo... Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same ha

CVE-2025-46334 [HIGH] CVE-2025-46334: git - Git GUI allows you to use the Git source control management tools via a GUI. A m... Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes the current directory. The mentioned programs are invoked when the user sel

CVE-2025-27614 [HIGH] CVE-2025-27614: git - Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git reposito... Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is r

CVE-2024-52006 [CRITICAL] CVE-2024-52006: git - Git is a fast, scalable, distributed revision control system with an unusually r... Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characte

CVE-2024-32002 [CRITICAL] CVE-2024-32002: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42... Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone ope

CVE-2024-32465 [HIGH] CVE-2024-32465: git - Git is a revision control system. The Git project recommends to avoid working in... Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of clonin

CVE-2024-32004 [HIGH] CVE-2024-32004: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42... Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning re

CVE-2024-32021 [MEDIUM] CVE-2024-32021: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42... Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the files

CVE-2024-50349 [LOW] CVE-2024-50349: git - Git is a fast, scalable, distributed revision control system with an unusually r... Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this st

CVE-2024-52005 [HIGH] CVE-2024-52005: git - Git is a source code management tool. When cloning from a server (or fetching, o... Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to

CVE-2024-32020 [LOW] CVE-2024-32020: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42... Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in

CVE-2023-25652 [HIGH] CVE-2023-25652: git - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33... Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available i

CVE-2023-29007 [HIGH] CVE-2023-29007: git - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33... Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary confi

CVE-2023-22490 [MEDIUM] CVE-2023-22490: git - Git is a revision control system. Using a specially-crafted repository, Git prio... Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic link

CVE-2023-23946 [MEDIUM] CVE-2023-23946: git - Git, a revision control system, is vulnerable to path traversal prior to version... Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6,

CVE-2023-25815 [LOW] CVE-2023-25815: git - In Git for Windows, the Windows port of Git, no localized messages are shipped w... In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64