Lucene search
Veracode Vulnerability DatabaseVERACODE:38912HistoryJan 18, 2023 - 8:22 p.m.
Integer Overflow
2023-01-1820:22:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
git
integer overflow
vulnerability
commit formatting
software
padding operators
memcpy
export-subst mechanism
0.003 Low
EPSS
Percentile
69.1%
git is vulnerable to integer overflows. When processing the padding operators, there is a integer overflow in pretty.c::format_and_pad_commit() where a size_t is stored improperly as an int, and then added as an offset to a memcpy(). This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git archive via the export-subst mechanism.
References
git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst
git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem
github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202312-15
Related
cgr
cgr
CVE-2022-41903 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2022-41903
2023-01-17 23:15:15
cve
cve
CVE-2022-41903
2023-01-17 23:15:15
osv
osv
CVE-2022-41903
2023-01-17 23:15:15
Important: git security update
2023-02-06 19:26:44
Important: git security update
2023-02-06 19:25:41
cbl_mariner
cbl_mariner
CVE-2022-41903 affecting package git 2.23.4-2
2023-02-14 02:36:00
CVE-2022-41903 affecting package git for versions less than 2.33.8-2
2023-09-27 18:02:50
ubuntucve
ubuntucve
CVE-2022-41903
2023-01-17 00:00:00
redhatcve
redhatcve
CVE-2022-41903
2023-02-06 20:54:43
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in Git [CVE-2022-41903]
2023-04-06 19:28:48
Security Bulletin: IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities
2023-04-17 13:48:36
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-03-30 15:19:31
prion
prion
Integer overflow
2023-01-17 23:15:00
nessus
nessus
GitLab 0.0 < 15.5.9 / 15.6 < 15.6.6 / 15.7 < 15.7.5 (CVE-2022-41903)
2024-01-03 00:00:00
FreeBSD : git -- Heap overflow in `git archive`, `git log --format` leading to RCE (2fcca7e4-b1d7-11ed-b0f4-002590f2a714)
2023-02-21 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Git vulnerabilities (USN-5810-1)
2023-01-17 00:00:00
cvelist
cvelist
freebsd
freebsd
git -- Heap overflow in `git archive`, `git log --format` leading to RCE
2023-01-17 00:00:00
alpinelinux
alpinelinux
CVE-2022-41903
2023-01-17 23:15:15
wolfi
wolfi
CVE-2022-41903 vulnerabilities
2024-06-29 09:08:33
nvd
nvd
CVE-2022-41903
2023-01-17 23:15:15
ubuntu
ubuntu
Git regression
2023-01-19 00:00:00
Git vulnerabilities
2023-02-07 00:00:00
Git vulnerabilities
2023-03-01 00:00:00
redhat
redhat
(RHSA-2023:0599) Important: git security update
2023-02-06 16:26:37
(RHSA-2023:0609) Important: git security update
2023-02-06 19:24:22
(RHSA-2023:0611) Important: git security update
2023-02-06 19:26:44
amazon
amazon
Important: git
2023-01-31 20:44:00
Important: git
2023-01-30 16:02:00
oraclelinux
oraclelinux
git security update
2023-02-07 00:00:00
git security update
2023-02-28 00:00:00
git security update
2023-02-07 00:00:00
almalinux
almalinux
Important: git security update
2023-02-06 00:00:00
Important: git security update
2023-02-06 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0033)
2023-03-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0108-1)
2023-01-23 00:00:00
openSUSE: Security Advisory for git (SUSE-SU-2023:0110-1)
2024-03-04 00:00:00
hivepro
hivepro
cloudfoundry
cloudfoundry
USN-5810-1: Git vulnerabilities | Cloud Foundry
2023-02-23 00:00:00
USN-5810-2: Git regression | Cloud Foundry
2023-02-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.33.6-alt1
2023-01-20 00:00:00
slackware
slackware
[slackware-security] git
2023-01-18 06:22:27
thn
thn
Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
2023-01-18 09:28:00
Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo
2023-07-25 04:17:00
rocky
rocky
git security update
2023-02-06 19:25:41
git security update
2023-02-06 19:26:44
fedora
fedora
[SECURITY] Fedora 37 Update: git-2.39.1-1.fc37
2023-01-21 03:35:26
[SECURITY] Fedora 36 Update: git-2.39.1-1.fc36
2023-01-21 03:44:31
centos
centos
emacs, git, gitk, gitweb, perl security update
2023-03-01 14:01:43
debian
debian
[SECURITY] [DLA 3282-1] git security update
2023-01-26 13:00:35
[SECURITY] [DSA 5332-1] git security update
2023-01-29 16:59:53
mageia
mageia
Updated git packages fix security vulnerability
2023-02-07 03:06:39
rosalinux
rosalinux
Advisory ROSA-SA-2023-2130
2023-03-07 12:33:13
Advisory ROSA-SA-2024-2398
2024-04-11 08:08:00
redos
redos
ROS-20230418-03
2023-04-18 00:00:00
kaspersky
kaspersky
KLA20182 Multiple vulnerabilities in Git for Windows
2023-01-17 00:00:00
github
github
Git security vulnerabilities announced
2023-01-17 18:31:50
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0526
2023-02-03 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0327
2023-02-06 00:00:00
malwarebytes
malwarebytes
Update now! Two critical flaws in Git's code found, patched
2023-01-19 04:00:00
cloudlinux
cloudlinux
git: Fix of 4 CVEs
2023-02-24 09:34:40
gentoo
gentoo
Git: Multiple Vulnerabilities
2023-12-27 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00