Lucene search
UbuntuUSN-5686-3HistoryNov 21, 2022 - 12:00 a.m.
Git vulnerabilities
2022-11-2100:00:00
ubuntu.com
20
git
ubuntu
security vulnerabilities
symbolic links
code execution
cve-2022-39253
cve-2022-39260
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.4%
Releases
- Ubuntu 22.10
Packages
- git - fast, scalable, distributed revision control system
Details
USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding
updates for Ubuntu 22.10.
Original advisory details:
Cory Snider discovered that Git incorrectly handled certain symbolic links.
An attacker could possibly use this issue to cause an unexpected behaviour.
(CVE-2022-39253)
Kevin Backhouse discovered that Git incorrectly handled certain command strings.
An attacker could possibly use this issue to arbitrary code execution.
(CVE-2022-39260)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | git | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-all | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-cvs | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-daemon-run | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-daemon-sysvinit | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-dbgsym | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-doc | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-email | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-gui | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | git-man | < 1:2.37.2-1ubuntu1.1 | UNKNOWN |
Related
freebsd
freebsd
git -- Multiple vulnerabilities
2022-06-09 00:00:00
git -- Local clone-based data exfiltration with non-local transports
2023-02-14 00:00:00
nessus
nessus
SUSE SLES12 Security Update : git (SUSE-SU-2022:4271-1)
2022-11-30 00:00:00
EulerOS 2.0 SP11 : git (EulerOS-SA-2023-1009)
2023-01-05 00:00:00
Amazon Linux AMI : git (ALAS-2022-1653)
2022-12-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5686-3)
2022-11-22 00:00:00
Fedora: Security Advisory for git (FEDORA-2022-fb088df94c)
2022-11-11 00:00:00
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1502)
2023-03-09 00:00:00
osv
osv
git vulnerabilities
2022-10-18 17:59:28
git - security update
2022-12-13 00:00:00
Moderate: git security and bug fix update
2023-05-16 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: git-2.38.1-1.fc36
2022-10-28 11:15:54
[SECURITY] Fedora 35 Update: git-2.38.1-1.fc35
2022-11-02 15:46:46
[SECURITY] Fedora 37 Update: git-2.38.1-1.fc37
2022-11-10 22:48:58
ubuntu
ubuntu
Git vulnerabilities
2022-10-18 00:00:00
Git vulnerability
2022-11-17 00:00:00
Git vulnerability
2023-03-28 00:00:00
kaspersky
kaspersky
KLA20184 Multiple vulnerabilities in Git for Windows
2022-10-18 00:00:00
KLA20040 Multiple vulnerabilities in Microsoft Developer Tools
2022-11-08 00:00:00
amazon
amazon
github
github
Git security vulnerabilities announced
2022-10-18 17:11:45
Container build can leak any path on the host into the container
2022-11-11 00:03:31
Git security vulnerabilities announced
2023-02-14 18:45:56
slackware
slackware
[slackware-security] git
2022-10-18 20:40:51
[slackware-security] git
2023-02-15 19:51:52
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.33.5-alt1
2022-10-22 00:00:00
cloudfoundry
cloudfoundry
USN-5686-1: Git vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
mageia
mageia
Updated git packages fix security vulnerability
2022-10-28 09:54:08
Updated git packages fix security vulnerability
2023-02-27 23:27:16
redhat
redhat
(RHSA-2023:2319) Moderate: git security and bug fix update
2023-05-09 05:07:19
(RHSA-2023:2859) Moderate: git security and bug fix update
2023-05-16 05:56:35
(RHSA-2024:0407) Moderate: git security update
2024-01-24 14:40:19
apple
apple
About the security content of Xcode 14.1
2022-11-01 00:00:00
debian
debian
[SECURITY] [DLA 3239-1] git security update
2022-12-13 22:36:52
[SECURITY] [DLA 3239-2] git regression update
2022-12-14 18:36:03
[SECURITY] [DSA 5332-1] git security update
2023-01-29 16:59:53
almalinux
almalinux
Moderate: git security and bug fix update
2023-05-09 00:00:00
Moderate: git security and bug fix update
2023-05-16 00:00:00
oraclelinux
oraclelinux
git security and bug fix update
2023-05-15 00:00:00
git security and bug fix update
2023-05-23 00:00:00
cvelist
cvelist
prion
prion
Heap overflow
2022-10-19 12:15:00
Design/Logic Flaw
2022-10-19 11:15:00
Design/Logic Flaw
2023-02-14 20:15:00
veracode
veracode
Heap-based Buffer Overflow
2022-10-20 19:48:22
Information Disclosure
2022-10-20 19:55:20
nvd
nvd
photon
photon
Important Photon OS Security Update - PHSA-2022-0538
2022-11-09 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0486
2022-11-11 00:00:00
debiancve
debiancve
wolfi
wolfi
CVE-2022-39260 vulnerabilities
2024-07-01 09:08:36
CVE-2022-39253 vulnerabilities
2024-07-01 09:08:36
cgr
cgr
CVE-2022-39260 vulnerabilities
2024-05-19 03:07:16
CVE-2022-39253 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
ubuntucve
ubuntucve
cve
cve
mscve
mscve
githubexploit
githubexploit
Exploit for Link Following in Git-Scm Git
2022-12-20 08:17:05
alpinelinux
alpinelinux
rosalinux
rosalinux
Advisory ROSA-SA-2023-2292
2023-11-14 13:25:27
Advisory ROSA-SA-2024-2398
2024-04-11 08:08:00
vulnrichment
vulnrichment
gentoo
gentoo
Git: Multiple Vulnerabilities
2023-12-27 00:00:00
cloudlinux
cloudlinux
git: Fix of 4 CVEs
2023-02-24 09:34:40
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.4%
Related for USN-5686-3