Executive Summary

Informations
Name CVE-2022-23521 First vendor Publication 2023-01-17
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 635

Sources (Detail)

https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
https://security.gentoo.org/glsa/202312-15
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Date Informations
2024-11-28 14:07:16
  • Multiple Updates
2024-08-02 13:33:53
  • Multiple Updates
2024-08-02 01:28:43
  • Multiple Updates
2024-02-02 02:32:47
  • Multiple Updates
2024-02-01 12:26:22
  • Multiple Updates
2023-12-27 13:27:46
  • Multiple Updates
2023-09-05 13:27:08
  • Multiple Updates
2023-09-05 01:25:49
  • Multiple Updates
2023-09-02 13:25:28
  • Multiple Updates
2023-09-02 01:26:13
  • Multiple Updates
2023-08-12 13:31:48
  • Multiple Updates
2023-08-12 01:25:28
  • Multiple Updates
2023-08-11 13:23:43
  • Multiple Updates
2023-08-11 01:26:18
  • Multiple Updates
2023-08-06 13:21:29
  • Multiple Updates
2023-08-06 01:25:11
  • Multiple Updates
2023-08-04 13:21:57
  • Multiple Updates
2023-08-04 01:25:33
  • Multiple Updates
2023-07-14 13:21:58
  • Multiple Updates
2023-07-14 01:25:19
  • Multiple Updates
2023-03-29 02:23:48
  • Multiple Updates
2023-03-28 12:25:29
  • Multiple Updates
2023-01-26 17:27:20
  • Multiple Updates
2023-01-18 17:27:18
  • Multiple Updates
2023-01-18 05:27:19
  • First insertion