CVE-2022-41903

Description from NVD

Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
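
The defect class in the description (a `size_t` narrowed to `int`, then used as a `memcpy()` offset) next to a bounds-checked form, as an added example that is not Git's code and not the upstream patch. `narrowed_offset` and `checked_copy_at` are hypothetical names, and the sample length is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from pretty.c: the defect class. A size_t length
 * is narrowed to int; the result is implementation-defined and wraps to a
 * negative value on mainstream compilers once len exceeds INT_MAX. */
static int narrowed_offset(size_t len)
{
    return (int)len;
}

/* Hypothetical hardened copy: the offset stays a size_t and is checked
 * against the destination capacity before memcpy() runs. The subtraction
 * form avoids overflow in the bounds check itself. */
static int checked_copy_at(char *dst, size_t cap, size_t off,
                           const char *src, size_t n)
{
    if (off > cap || n > cap - off)
        return -1;              /* refuse rather than write out of bounds */
    memcpy(dst + off, src, n);
    return 0;
}

int main(void)
{
    char buf[16] = {0};
    size_t big = (size_t)INT_MAX + 1;   /* constructed sample length */

    /* As an int, the length turns negative: dst + offset would point
     * before the buffer, which is why the narrowed value must never
     * reach pointer arithmetic. */
    printf("size_t %zu narrowed to int: %d\n", big, narrowed_offset(big));

    printf("in-bounds copy:  %d\n", checked_copy_at(buf, sizeof buf, 4, "abc", 3));
    printf("past-end copy:   %d\n", checked_copy_at(buf, sizeof buf, 14, "abc", 3));
    printf("huge offset:     %d\n", checked_copy_at(buf, sizeof buf, big, "abc", 3));
    return 0;
}
```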

Information Acquisition Date: 2023-01-26T07:55Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
     source:MISC
     tags:Third Party Advisory    
 https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
     source:MISC
     tags:Patch    Release Notes    Third Party Advisory    
 https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst
     source:MISC
     tags:Vendor Advisory    
 https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem
     source:MISC
     tags:Vendor Advisory    


Software Tag: Apple(1 tweets) Linux(1 tweets)



List of frequently cited URLs

| URL | Num of Times Referred to |
| --- | --- |
| https://github.blog/2023-01-17-git-security-vulnerabilities... | 10 |
| https://www.helpnetsecurity.com/2023/01/19/git-critical-vul... | 10 |
| https://securityonline.info/cve-2022-41903-cve-2022-23521-c... | 5 |
| https://twitter.com/__kokumoto/status/1615671020190588929 | 3 |
| https://tweetedtimes.com/jefstratiou?s=tnp | 3 |



List of frequently cited URLs

| URL | Num of Times Referred to |
| --- | --- |
| github.blog | 10 |
| www.helpnetsecurity.com | 10 |
| securityonline.info | 5 |
| twitter.com | 3 |
| tweetedtimes.com | 3 |



GitHub Search Results: Up to 10
Name | URL
No Data


2023/02/07 Score : 1
Added Har-sia Database : 2023/01/18
Last Modified : 2023/02/07
Highest Scored Date : 2023/01/18
Highest Score : 31