Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39260

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.

Published

2022-10-19T12:15:10.160

Last Modified

2024-11-21T07:17:54.090

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.5 (HIGH)

Weaknesses

Type: Secondary
CWE-122
CWE-787
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	git-scm	git	< 2.30.6	Yes
Application	git-scm	git	< 2.31.5	Yes
Application	git-scm	git	< 2.32.4	Yes
Application	git-scm	git	< 2.33.5	Yes
Application	git-scm	git	< 2.34.5	Yes
Application	git-scm	git	< 2.35.5	Yes
Application	git-scm	git	< 2.36.3	Yes
Application	git-scm	git	< 2.37.4	Yes
Application	git-scm	git	2.38.0	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	fedoraproject	fedora	37	Yes
Application	apple	xcode	< 14.1	Yes
Operating System	debian	debian_linux	10.0	Yes

References

http://seclists.org/fulldisclosure/2022/Nov/1 Mailing List, Third Party Advisory ([email protected])
https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6 Mitigation, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/ ([email protected])
https://security.gentoo.org/glsa/202312-15 ([email protected])
https://support.apple.com/kb/HT213496 Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2022/Nov/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6 Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202312-15 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213496 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)