exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

CVE-2022-41903

Status Candidate

Overview

Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.

Related Files

Gentoo Linux Security Advisory 202312-15
Posted Dec 27, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | 40da540c38bd337ca3d0a368d288902ef88dd450d5f78bccef5cef2ef2758381
Red Hat Security Advisory 2023-1677-01
Posted Apr 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903, CVE-2023-0266, CVE-2023-0386, CVE-2023-0767
SHA-256 | d50fcde157b0d81293003398a54404e2ecee374586626ce00fc2dbcc0d6bdaa5
Red Hat Security Advisory 2023-1158-01
Posted Mar 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1158-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.31. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-21698, CVE-2022-23521, CVE-2022-41903
SHA-256 | a19feccbce0161454f9c6187a8a2db5cc8dbc554c88b7361d92fab7112e0b0fc
Ubuntu Security Notice USN-5810-4
Posted Mar 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5810-4 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 14.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | b7a001a11349d2b730cffb3f46ef81dd964ff8de4579c792ea639ca4409331c5
Red Hat Security Advisory 2023-0895-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-23521, CVE-2022-41903
SHA-256 | 7a32d3f62970f0d43a33d17d8aa9612b3eb48e892ab787ada4397f1315d9a773
Red Hat Security Advisory 2023-0978-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | f9995ae6dacfd02db677646ff8b9b042c67fba6965a6700f58a151fb62f4f238
Red Hat Security Advisory 2023-0977-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0977-01 - Red Hat OpenShift Data Science 1.22.1 security update. Issues addressed include an improper authorization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-4415, CVE-2022-47629, CVE-2023-0923
SHA-256 | a878915a7f3ed4aeab08fa389c9615a55546bab6b3649cdfebce0a5bcf1c42d3
Red Hat Security Advisory 2023-0774-01
Posted Feb 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0774-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2021-4238, CVE-2022-23521, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717, CVE-2022-41903, CVE-2022-4337, CVE-2022-4338
SHA-256 | ca47c0cea81330f5de88e4e9f79a211719d421c59b8c4c4424353cdd2b6b0a26
Red Hat Security Advisory 2023-0769-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0769-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2021-21684, CVE-2021-41190, CVE-2021-41772, CVE-2021-44716, CVE-2021-44717, CVE-2022-0532, CVE-2022-23521, CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41717, CVE-2022-41903, CVE-2022-4337
SHA-256 | 20c14138d614f3562deddf605958c632df18832222932f78d3f827178015c6b6
Red Hat Security Advisory 2023-0803-01
Posted Feb 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0803-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238, CVE-2022-23521, CVE-2022-3064, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629, CVE-2023-23947
SHA-256 | 05bca020b45a5ad890a5c1c749e28d4f329578a1e2dd2a308e6f48d053941a32
Red Hat Security Advisory 2023-0804-01
Posted Feb 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0804-01 - An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238, CVE-2022-23521, CVE-2022-3064, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629, CVE-2023-23947
SHA-256 | d0f00b645749c7f3dab3ca1da2c175d01a5adf448a194fffc6eacf10adf65637
Red Hat Security Advisory 2023-0802-01
Posted Feb 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0802-01 - An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238, CVE-2022-23521, CVE-2022-3064, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629, CVE-2023-23947
SHA-256 | 32806dda2f0b1a0d5696e60557e35891b58c9f6eab69373f3f1c5382b3b90376
Red Hat Security Advisory 2023-0698-01
Posted Feb 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-23521, CVE-2022-3064, CVE-2022-34174, CVE-2022-38023, CVE-2022-41903, CVE-2022-47629
SHA-256 | c0dd513b503649e92498d15dcdfb12b1a95f94bbc68a63f30f82f0a0cdfdc6d6
Red Hat Security Advisory 2023-0633-01
Posted Feb 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-40303, CVE-2022-40304, CVE-2022-41903, CVE-2022-47629
SHA-256 | 361215b358f498b51d78ba1a21fe78b246e95380b533e350a0ddf3f5d09e49f2
Red Hat Security Advisory 2023-0632-01
Posted Feb 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-30123, CVE-2022-40303, CVE-2022-40304, CVE-2022-41717, CVE-2022-41903, CVE-2022-44617, CVE-2022-46285, CVE-2022-47629, CVE-2022-4883, CVE-2023-21835, CVE-2023-21843
SHA-256 | bf899bbd419fd54940c09ac833ba4df8f15db322208d5ebc4b227f46fff13a7d
Red Hat Security Advisory 2023-0627-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0627-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | d1c78f399852540080aa090aa576f2525e75012047691ad8df73e3f05bbe920a
Red Hat Security Advisory 2023-0628-01
Posted Feb 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0628-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 991961c149a2621ec132085f733a3ee77062eb5b7f41d156043563fd9512bcc6
Ubuntu Security Notice USN-5810-3
Posted Feb 8, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5810-3 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 16.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | ddefb38e6746c1ce9fb7aac486ac5ea3f7c6b269887f093d613429174a76fa2b
Red Hat Security Advisory 2023-0599-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 7c1a4f14cbe6bae003a19e3a3ce344158b5cc7db8925f069f39b7d06927efa52
Red Hat Security Advisory 2023-0596-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 558be28f677d1fb569fcee5dbe02f4ea04f644b7be461799dfa4e497b6dcd642
Red Hat Security Advisory 2023-0609-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0609-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 79e56ee993f16c75202cd82fac5104a1752d0a6d1730b5048f7d7902e3914e60
Red Hat Security Advisory 2023-0610-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0610-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 7982bcc1f8e1f487125edd83812d03bdd8272fc089e49e406f4cb6177146f42f
Red Hat Security Advisory 2023-0611-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0611-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 2e2f25be18982abe9cf4dff88d3f9d67a8fd7ebbdc427f8924f5e38e5729e9c9
Red Hat Security Advisory 2023-0597-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0597-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903
SHA-256 | 8216397896ca7c1548f27e097a1c7b2ca70ce5005e1fe8a0306729b8fd968493
Debian Security Advisory 5332-1
Posted Jan 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

tags | advisory, remote, arbitrary, shell, local, code execution
systems | linux, debian
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903
SHA-256 | da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641d
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close