Описание
Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in pretty.c::format_and_pad_commit() where a size_t is stored improperly as an int, and then added as an offset to a memcpy(). This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable t...
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.17.1-1ubuntu0.15 |
| devel | released | 1:2.39.1-0.1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was released [1:1.9.1-1ubuntu0.10+esm1] |
| esm-infra/bionic | not-affected | 1:2.17.1-1ubuntu0.15 |
| esm-infra/focal | not-affected | 1:2.25.1-1ubuntu3.8 |
| esm-infra/xenial | released | 1:2.7.4-0ubuntu1.10+esm4 |
| focal | released | 1:2.25.1-1ubuntu3.8 |
| jammy | released | 1:2.34.1-1ubuntu1.6 |
| kinetic | released | 1:2.37.2-1ubuntu1.2 |
| lunar | released | 1:2.39.1-0.1ubuntu1 |
Показывать по
Ссылки на источники
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable t...
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to u
Git is distributed revision control system. `git log` can display comm ...
Уязвимость функции pretty.c::format_and_pad_commit() механизма форматирования коммитов распределенной системы контроля версий Git, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3