CVE-2022-23521
Vulnerability from cvelistv5
Published
2023-01-17 22:17
Modified
2024-10-15 18:34
Severity ?
Summary
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:43:46.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89"
          },
          {
            "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202312-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23521",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:36:25.330950Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:34:26.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git",
          "vendor": "git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.30.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.31.0, \u003c 2.31.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.32.0, \u003c 2.32.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.33.0, \u003c 2.33.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.34.0, \u003c 2.34.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.35.0, \u003c 2.35.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.36.0, \u003c 2.36.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.37.0, \u003c 2.37.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.38.0, \u003c 2.38.3"
            },
            {
              "status": "affected",
              "version": "= 2.39.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T22:17:17.765Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89"
        },
        {
          "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76"
        },
        {
          "url": "https://security.gentoo.org/glsa/202312-15"
        }
      ],
      "source": {
        "advisory": "GHSA-c738-c5qq-xg89",
        "discovery": "UNKNOWN"
      },
      "title": "gitattributes parsing integer overflow in git"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23521",
    "datePublished": "2023-01-17T22:17:17.765Z",
    "dateReserved": "2022-01-19T21:23:53.781Z",
    "dateUpdated": "2024-10-15T18:34:26.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23521\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-17T23:15:15.580\",\"lastModified\":\"2024-11-21T06:48:44.380\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.\"},{\"lang\":\"es\",\"value\":\"Git es un sistema de control de revisiones distribuido. Los gitattributes son un mecanismo que permite definir atributos para las rutas. Estos atributos se pueden definir agregando un archivo `.gitattributes` al repositorio, que contiene un conjunto de patrones de archivos y los atributos que deben establecerse para las rutas que coincidan con este patr\u00f3n. Al analizar gitattributes, pueden ocurrir m\u00faltiples desbordamientos de enteros cuando hay una gran cantidad de patrones de ruta, una gran cantidad de atributos para un solo patr\u00f3n o cuando los nombres de atributos declarados son enormes. Estos desbordamientos se pueden desencadenar a trav\u00e9s de un archivo `.gitattributes` manipulado que puede ser parte del historial de confirmaciones. Git divide silenciosamente l\u00edneas de m\u00e1s de 2 KB cuando analiza los atributos de git de un archivo, pero no cuando los analiza desde el \u00edndice. En consecuencia, el modo de falla depende de si el archivo existe en el \u00e1rbol de trabajo, en el \u00edndice o en ambos. Este desbordamiento de enteros puede provocar lecturas y escrituras arbitrarias en el almacenamiento din\u00e1mico, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo. El problema ha sido solucionado en las versiones publicadas el 17-01-2023, remont\u00e1ndose a la v2.30.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.30.6\",\"matchCriteriaId\":\"8D0B133C-FC2B-4CBF-8840-C85F6D650510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.31.0\",\"versionEndIncluding\":\"2.31.5\",\"matchCriteriaId\":\"BA5113C4-D095-4E76-A6C6-F849E11DFA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.32.0\",\"versionEndIncluding\":\"2.32.4\",\"matchCriteriaId\":\"B82E8E87-1083-45B9-A273-E6AB31548D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.33.0\",\"versionEndIncluding\":\"2.33.5\",\"matchCriteriaId\":\"C9162726-CACE-4CB9-ACDE-204655D6BB3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.34.0\",\"versionEndIncluding\":\"2.34.5\",\"matchCriteriaId\":\"65D149AF-5604-4109-A60B-CB7B5BBBEE87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.35.0\",\"versionEndIncluding\":\"2.35.5\",\"matchCriteriaId\":\"383C057B-98D3-4AC6-9D43-AE13CC81FEC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.36.0\",\"versionEndIncluding\":\"2.36.3\",\"matchCriteriaId\":\"7B191BB2-D3C9-440D-8F7F-237BE0CBDB96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.37.0\",\"versionEndIncluding\":\"2.37.4\",\"matchCriteriaId\":\"E3F7AE8C-A383-442C-8E74-7BC13E8B251D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.38.0\",\"versionEndIncluding\":\"2.38.2\",\"matchCriteriaId\":\"28F8851A-1566-4F16-AEC4-2C09AC866C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:2.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC98AC76-7F3E-45A0-9DE6-3D097CEE5199\"}]}]}],\"references\":[{\"url\":\"https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-15\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.