Description
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from messing up the terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).
It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.
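A sketch of the sanitization step whose absence is described above, as an added example and not Git's own code: it rewrites control bytes in a server-supplied message into caret notation before the text reaches the terminal. The function name `sanitize_remote_msg` and the sample message are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from Git): copy a server-supplied message into
 * `out`, replacing every C0 control byte except '\n' and '\t', plus DEL,
 * with caret notation (ESC becomes "^[") so the terminal never receives a
 * live escape sequence. Bytes >= 0x80 pass through so UTF-8 text survives.
 * Returns the number of bytes rewritten, or -1 if `out` is too small.
 */
int sanitize_remote_msg(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t o = 0;
    int rewritten = 0;

    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int is_ctrl = (c < 0x20 && c != '\n' && c != '\t') || c == 0x7f;

        if (o + (is_ctrl ? 2 : 1) >= out_cap)
            return -1;                    /* keep room for the final NUL */
        if (is_ctrl) {
            out[o++] = '^';
            out[o++] = (char)(c ^ 0x40);  /* 0x1b -> '[', 0x7f -> '?' */
            rewritten++;
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return rewritten;
}

int main(void)
{
    /* Constructed sample: a server message carrying a title-change sequence. */
    const char msg[] = "remote: done\x1b]0;title\x07\n";
    char safe[128];
    int n = sanitize_remote_msg(msg, sizeof(msg) - 1, safe, sizeof(safe));

    printf("%d control bytes neutralised: %s", n, safe);
    return 0;
}
```

Carriage returns are rewritten too, which is the conservative choice; a caller that needs in-place progress updates would have to allow `\r` explicitly.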
Report
The vulnerability is considered moderate rather than important due to the specific and limited conditions required for exploitation. For an attack to succeed, a MitM attacker would need to intercept Git traffic and inject specially crafted ANSI escape sequences. The severity is mitigated by the fact that not all terminal emulators interpret escape sequences in a way that could result in code execution or harmful actions. Modern terminal emulators, especially those used in Red Hat Enterprise Linux, typically sanitize escape sequences or do not support dangerous behaviors like file manipulation or code execution triggered via ANSI sequences. As a result, the potential impact is constrained to terminal emulators with flawed handling of escape codes, reducing the overall risk.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | git | Will not fix | | |
| Red Hat Enterprise Linux 7 | git | Will not fix | | |
| Red Hat Enterprise Linux 8 | git | Will not fix | | |
| Red Hat Software Collections | rh-git29-git | Will not fix | | |
Additional information
Status:
CVSS3: 5 Medium