Git for Windows issues update to fix running-someone-else's-code vuln. These affect Git's `--local` clone optimization and `git shell`'s interactive command mode. "Additionally, a huge number of integer related issues was identified which may lead to denial-of-service situations, out-of-bound reads or simply badly handled corner cases on large input," X41 D-Sec noted. You'll want to patch these, as proof-of-concept exploit code is out there already.

Today, the Git project released new versions to address a pair of security vulnerabilities (CVE-2022-39253 and CVE-2022-39260) that affect versions 2.38 and older. "The most severe issue discovered allows an attacker to trigger a heap-based memory corruption during clone or pull operations, which might result in code execution," the German cybersecurity company said of CVE-2022-23521. CVE-2022-41903, also a critical vulnerability, is triggered during an archive operation, leading to code execution by way of an integer overflow flaw that arises when formatting the commit logs.

From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project's code. X41 D-Sec security researchers Markus Vervier and Eric Sesterhenn as well as GitLab's Joern Schneeweisz have been credited with reporting the bugs. Managing code scanning alerts for your repository. Because this is a client-side only vulnerability, and GitHub Enterprise are not directly affected.

The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impact the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0. A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac.
The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution.