Lucene search
UbuntuUSN-5810-2HistoryJan 19, 2023 - 12:00 a.m.
Git regression
2023-01-1900:00:00
ubuntu.com
45
git
regression
ubuntu 20.04 lts
ubuntu 18.04 esm
vulnerabilities
update
cve-2022-23521
cve-2022-41903
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.6%
Releases
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- git - fast, scalable, distributed revision control system
Details
USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it
was missing some commit lines. This update fixes the problem.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 20.04 | noarch | git | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-all | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-cvs | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-daemon-run | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-daemon-sysvinit | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-dbgsym | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-doc | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-el | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-email | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
| Ubuntu | 20.04 | noarch | git-gui | < 1:2.25.1-1ubuntu3.8 | UNKNOWN |
References
Related
hivepro
hivepro
nessus
nessus
Fedora 37 : git (2023-9718cc6113)
2023-01-21 00:00:00
Debian DLA-3282-1 : git - LTS security update
2023-01-26 00:00:00
RHEL 8 : git (RHSA-2023:0596)
2023-02-06 00:00:00
cloudfoundry
cloudfoundry
USN-5810-1: Git vulnerabilities | Cloud Foundry
2023-02-23 00:00:00
USN-5810-2: Git regression | Cloud Foundry
2023-02-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.33.6-alt1
2023-01-20 00:00:00
osv
osv
Important: git security update
2023-02-06 00:00:00
git - security update
2023-01-26 00:00:00
git vulnerabilities
2023-02-07 16:07:05
openvas
openvas
openSUSE: Security Advisory for git (SUSE-SU-2023:0110-1)
2024-03-04 00:00:00
Fedora: Security Advisory for git (FEDORA-2023-9718cc6113)
2023-01-22 00:00:00
Ubuntu: Security Advisory (USN-5810-3)
2023-02-08 00:00:00
redhat
redhat
(RHSA-2023:0597) Important: rh-git227-git security update
2023-02-06 16:23:31
(RHSA-2023:0596) Important: git security update
2023-02-06 16:22:09
(RHSA-2023:0610) Important: git security update
2023-02-06 19:25:41
almalinux
almalinux
Important: git security update
2023-02-06 00:00:00
Important: git security update
2023-02-06 00:00:00
thn
thn
Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
2023-01-18 09:28:00
Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo
2023-07-25 04:17:00
rocky
rocky
git security update
2023-02-06 19:25:41
git security update
2023-02-06 19:26:44
slackware
slackware
[slackware-security] git
2023-01-18 06:22:27
mageia
mageia
Updated git packages fix security vulnerability
2023-02-07 03:06:39
ubuntu
ubuntu
Git vulnerabilities
2023-01-17 00:00:00
Git vulnerabilities
2023-02-07 00:00:00
Git vulnerabilities
2023-03-01 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: git-2.39.1-1.fc36
2023-01-21 03:44:31
[SECURITY] Fedora 37 Update: git-2.39.1-1.fc37
2023-01-21 03:35:26
oraclelinux
oraclelinux
git security update
2023-02-07 00:00:00
git security update
2023-02-07 00:00:00
git security update
2023-02-28 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2130
2023-03-07 12:33:13
Advisory ROSA-SA-2024-2398
2024-04-11 08:08:00
redos
redos
ROS-20230418-03
2023-04-18 00:00:00
debian
debian
[SECURITY] [DLA 3282-1] git security update
2023-01-26 13:00:35
[SECURITY] [DSA 5332-1] git security update
2023-01-29 16:59:53
amazon
amazon
Important: git
2023-01-31 20:44:00
Important: git
2023-01-30 16:02:00
centos
centos
emacs, git, gitk, gitweb, perl security update
2023-03-01 14:01:43
github
github
Git security vulnerabilities announced
2023-01-17 18:31:50
kaspersky
kaspersky
KLA20182 Multiple vulnerabilities in Git for Windows
2023-01-17 00:00:00
KLA20235 Multiple vulnerabilities in Microsoft Developer Tools
2023-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0327
2023-02-06 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0526
2023-02-03 00:00:00
malwarebytes
malwarebytes
Update now! Two critical flaws in Git's code found, patched
2023-01-19 04:00:00
cgr
cgr
CVE-2022-23521 vulnerabilities
2024-05-19 03:07:16
CVE-2022-41903 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2022-23521 gitattributes parsing integer overflow in git
2023-01-17 22:17:17
alpinelinux
alpinelinux
CVE-2022-41903
2023-01-17 23:15:15
CVE-2022-23521
2023-01-17 23:15:15
nvd
nvd
CVE-2022-41903
2023-01-17 23:15:15
CVE-2022-23521
2023-01-17 23:15:15
wolfi
wolfi
CVE-2022-41903 vulnerabilities
2024-07-05 21:08:40
CVE-2022-23521 vulnerabilities
2024-07-05 21:08:40
redhatcve
redhatcve
CVE-2022-23521
2023-01-18 17:05:12
CVE-2022-41903
2023-02-06 20:54:43
cbl_mariner
cbl_mariner
CVE-2022-41903 affecting package git 2.23.4-2
2023-02-14 02:36:00
CVE-2022-23521 affecting package git 2.23.4-2
2023-02-14 02:36:00
CVE-2022-41903 affecting package git for versions less than 2.33.8-2
2023-09-27 18:02:50
debiancve
debiancve
CVE-2022-41903
2023-01-17 23:15:15
CVE-2022-23521
2023-01-17 23:15:15
cve
cve
CVE-2022-41903
2023-01-17 23:15:15
CVE-2022-23521
2023-01-17 23:15:15
veracode
veracode
Remote Code Execution(RCE)
2023-01-20 20:06:05
Integer Overflow
2023-01-18 20:22:07
prion
prion
Integer overflow
2023-01-17 23:15:00
Integer overflow
2023-01-17 23:15:00
ubuntucve
ubuntucve
CVE-2022-41903
2023-01-17 00:00:00
CVE-2022-23521
2023-01-17 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git [CVE-2022-41903]
2023-04-06 19:28:48
freebsd
freebsd
git -- Heap overflow in `git archive`, `git log --format` leading to RCE
2023-01-17 00:00:00
git -- gitattributes parsing integer overflow
2023-01-17 00:00:00
mscve
mscve
GitHub: CVE-2022-23521 gitattributes parsing integer overflow
2023-02-14 08:00:00
gentoo
gentoo
Git: Multiple Vulnerabilities
2023-12-27 00:00:00
cloudlinux
cloudlinux
git: Fix of 4 CVEs
2023-02-24 09:34:40
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.6%
Related for USN-5810-2