exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

CVE-2022-23521

Status Candidate

Overview

Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.

Related Files

Gentoo Linux Security Advisory 202312-15
Posted Dec 27, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | 40da540c38bd337ca3d0a368d288902ef88dd450d5f78bccef5cef2ef2758381
Red Hat Security Advisory 2023-1677-01
Posted Apr 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903, CVE-2023-0266, CVE-2023-0386, CVE-2023-0767
SHA-256 | d50fcde157b0d81293003398a54404e2ecee374586626ce00fc2dbcc0d6bdaa5
Red Hat Security Advisory 2023-1428-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1428-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service, traversal, and unsanitized input vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2020-36567, CVE-2021-28861, CVE-2021-4235, CVE-2022-1705, CVE-2022-23521, CVE-2022-24999, CVE-2022-25881, CVE-2022-25927, CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-2995, CVE-2022-30631
SHA-256 | cc950d2ab43d2f93dae3bec701ae554c28379d039ec26d5027d656ff0b9558b0
Red Hat Security Advisory 2023-1158-01
Posted Mar 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1158-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.31. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-21698, CVE-2022-23521, CVE-2022-41903
SHA-256 | a19feccbce0161454f9c6187a8a2db5cc8dbc554c88b7361d92fab7112e0b0fc
Ubuntu Security Notice USN-5810-4
Posted Mar 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5810-4 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 14.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | b7a001a11349d2b730cffb3f46ef81dd964ff8de4579c792ea639ca4409331c5
Red Hat Security Advisory 2023-0895-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-23521, CVE-2022-41903
SHA-256 | 7a32d3f62970f0d43a33d17d8aa9612b3eb48e892ab787ada4397f1315d9a773
Red Hat Security Advisory 2023-0978-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | f9995ae6dacfd02db677646ff8b9b042c67fba6965a6700f58a151fb62f4f238
Red Hat Security Advisory 2023-0977-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0977-01 - Red Hat OpenShift Data Science 1.22.1 security update. Issues addressed include an improper authorization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-4415, CVE-2022-47629, CVE-2023-0923
SHA-256 | a878915a7f3ed4aeab08fa389c9615a55546bab6b3649cdfebce0a5bcf1c42d3
Red Hat Security Advisory 2023-0934-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0934-01 - Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include denial of service and unsanitized input vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-36567, CVE-2021-35065, CVE-2021-46848, CVE-2022-1304, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-23521, CVE-2022-24999, CVE-2022-2519
SHA-256 | e6ed8e70ae97d3f84dfc5a4c9a7afaff0a6bd21abee5831103acb6746649fd52
Red Hat Security Advisory 2023-0778-01
Posted Feb 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-7692, CVE-2022-1471, CVE-2022-2048, CVE-2022-23521, CVE-2022-25857, CVE-2022-3064, CVE-2022-30946, CVE-2022-30952, CVE-2022-30953, CVE-2022-30954, CVE-2022-34174, CVE-2022-36882, CVE-2022-36883, CVE-2022-36884
SHA-256 | b0f7f8eee987e2e6e2dcaabf7c4fe7bacb12571d25cd64b63d580c759f794a67
Red Hat Security Advisory 2023-0774-01
Posted Feb 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0774-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2021-4238, CVE-2022-23521, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717, CVE-2022-41903, CVE-2022-4337, CVE-2022-4338
SHA-256 | ca47c0cea81330f5de88e4e9f79a211719d421c59b8c4c4424353cdd2b6b0a26
Red Hat Security Advisory 2023-0769-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0769-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2021-21684, CVE-2021-41190, CVE-2021-41772, CVE-2021-44716, CVE-2021-44717, CVE-2022-0532, CVE-2022-23521, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717, CVE-2022-41903, CVE-2022-4337
SHA-256 | 20c14138d614f3562deddf605958c632df18832222932f78d3f827178015c6b6
Red Hat Security Advisory 2023-0803-01
Posted Feb 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0803-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238, CVE-2022-23521, CVE-2022-3064, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629, CVE-2023-23947
SHA-256 | 05bca020b45a5ad890a5c1c749e28d4f329578a1e2dd2a308e6f48d053941a32
Red Hat Security Advisory 2023-0804-01
Posted Feb 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0804-01 - An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238, CVE-2022-23521, CVE-2022-3064, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629, CVE-2023-23947
SHA-256 | d0f00b645749c7f3dab3ca1da2c175d01a5adf448a194fffc6eacf10adf65637
Red Hat Security Advisory 2023-0802-01
Posted Feb 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238, CVE-2022-23521, CVE-2022-3064, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629, CVE-2023-23947
SHA-256 | 32806dda2f0b1a0d5696e60557e35891b58c9f6eab69373f3f1c5382b3b90376
Red Hat Security Advisory 2023-0794-01
Posted Feb 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-46848, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-23521, CVE-2022-24999, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-2964
SHA-256 | b3f7dff17d2c1b34b87e26fcbdb2d8609daa0dcdc11f67cc5739af9ecf40a1e6
Red Hat Security Advisory 2023-0698-01
Posted Feb 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-23521, CVE-2022-3064, CVE-2022-34174, CVE-2022-38023, CVE-2022-41903, CVE-2022-47629
SHA-256 | c0dd513b503649e92498d15dcdfb12b1a95f94bbc68a63f30f82f0a0cdfdc6d6
Red Hat Security Advisory 2023-0633-01
Posted Feb 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629
SHA-256 | 361215b358f498b51d78ba1a21fe78b246e95380b533e350a0ddf3f5d09e49f2
Red Hat Security Advisory 2023-0632-01
Posted Feb 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-30123, CVE-2022-40303, CVE-2022-40304, CVE-2022-41717, CVE-2022-41903, CVE-2022-44617, CVE-2022-46285, CVE-2022-47629, CVE-2022-4883, CVE-2023-21835, CVE-2023-21843
SHA-256 | bf899bbd419fd54940c09ac833ba4df8f15db322208d5ebc4b227f46fff13a7d
Red Hat Security Advisory 2023-0627-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0627-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | d1c78f399852540080aa090aa576f2525e75012047691ad8df73e3f05bbe920a
Red Hat Security Advisory 2023-0628-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0628-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 991961c149a2621ec132085f733a3ee77062eb5b7f41d156043563fd9512bcc6
Ubuntu Security Notice USN-5810-3
Posted Feb 8, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5810-3 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 16.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | ddefb38e6746c1ce9fb7aac486ac5ea3f7c6b269887f093d613429174a76fa2b
Red Hat Security Advisory 2023-0599-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 7c1a4f14cbe6bae003a19e3a3ce344158b5cc7db8925f069f39b7d06927efa52
Red Hat Security Advisory 2023-0596-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 558be28f677d1fb569fcee5dbe02f4ea04f644b7be461799dfa4e497b6dcd642
Red Hat Security Advisory 2023-0609-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0609-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 79e56ee993f16c75202cd82fac5104a1752d0a6d1730b5048f7d7902e3914e60
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close