exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2023-23946

Status Candidate

Overview

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.

Related Files

Gentoo Linux Security Advisory 202312-15
Posted Dec 27, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | 40da540c38bd337ca3d0a368d288902ef88dd450d5f78bccef5cef2ef2758381
Red Hat Security Advisory 2023-3297-01
Posted May 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2023-0361, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-27535, CVE-2023-29007, CVE-2023-32313, CVE-2023-32314
SHA-256 | a9c95cee3c3f2ef8153d088eeac3a325877fe0187e2772e5100d0e99f69c0a20
Red Hat Security Advisory 2023-3245-01
Posted May 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | 92bc1cd2a7152d444bfd222b50e428edb590365d8fee84b842dbbedc7c850ce6
Red Hat Security Advisory 2023-3246-01
Posted May 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | c2580c96a9c4c3691d3e57fb640cf3d03ca4f1a7a519ed3eb3dac98b2000bc8e
Debian Security Advisory 5357-1
Posted Feb 23, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5357-1 - yvvdwf found a data exfiltration vulnerability while performing local clone from malicious repository even using a non-local transport. Joern Schneeweisz found a path traversal vulnerability in git-apply that a path outside the working tree can be overwritten as the acting user.

tags | advisory, local
systems | linux, debian
advisories | CVE-2023-22490, CVE-2023-23946
SHA-256 | 1d3b09b9eb94b59ea608248a20c9b4e2bc7dca85f2496bce60579f548dcd692d
Ubuntu Security Notice USN-5871-1
Posted Feb 15, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5871-1 - It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git uses its local clone optimization even when using a non-local transport. Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite a patch outside the working tree.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2023-22490, CVE-2023-23946
SHA-256 | 128cb1e7502d2d61fdd1584602c087a1f5064941c47244e330913b10810fc2ea
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    16 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close