CVE-2022-39260
Summary
| CVE | CVE-2022-39260 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-19 12:15:00 UTC |
| Updated | 2023-12-27 10:15:00 UTC |
| Description | Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. |
Risk And Classification
Problem Types: CWE-787 | CWE-122
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | Xcode | All | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Application | Git-scm | Git | All | All | All | All |
| Application | Git-scm | Git | 2.38.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: APPLE-SA-2022-11-01-1 Xcode 14.1 | FULLDISC | seclists.org | |
| [SECURITY] Fedora 35 Update: git-2.38.1-1.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Heap overflow in `git shell` leading to RCE · Advisory · git/git · GitHub | CONFIRM | github.com | |
| [SECURITY] Fedora 35 Update: git-2.38.1-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: git-2.38.1-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3239-1] git security update | MLIST | lists.debian.org | |
| Git: Multiple Vulnerabilities (GLSA 202312-15) — Gentoo security | security.gentoo.org | ||
| [SECURITY] Fedora 37 Update: git-2.38.1-1.fc37 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| About the security content of Xcode 14.1 - Apple Support | CONFIRM | support.apple.com | |
| [SECURITY] Fedora 36 Update: git-2.38.1-1.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 37 Update: git-2.38.1-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160630 Oracle Enterprise Linux Security Update for git (ELSA-2023-2319)
- 160657 Oracle Enterprise Linux Security Update for git (ELSA-2023-2859)
- 181320 Debian Security Update for git (DLA 3239-1)
- 181321 Debian Security Update for git (DLA 3239-2)
- 181518 Debian Security Update for git (DSA 5332-1)
- 182489 Debian Security Update for git (CVE-2022-39260)
- 198993 Ubuntu Security Notification for Git Vulnerabilities (USN-5686-1)
- 199040 Ubuntu Security Notification for Git Vulnerabilities (USN-5686-3)
- 241436 Red Hat Update for git (RHSA-2023:2319)
- 241487 Red Hat Update for git (RHSA-2023:2859)
- 242859 Red Hat Update for git (RHSA-2024:0407)
- 283258 Fedora Security Update for git (FEDORA-2022-8b58806840)
- 283271 Fedora Security Update for git (FEDORA-2022-53aadd995f)
- 283469 Fedora Security Update for git (FEDORA-2022-fb088df94c)
- 354134 Amazon Linux Security Advisory for git : ALAS2-2022-1886
- 354246 Amazon Linux Security Advisory for git : ALAS-2022-1653
- 354335 Amazon Linux Security Advisory for git : ALAS2022-2022-254
- 354580 Amazon Linux Security Advisory for git : ALAS-2022-254
- 355061 Amazon Linux Security Advisory for git : AL2012-2023-385
- 355256 Amazon Linux Security Advisory for git : ALAS2023-2023-065
- 377735 Apple Xcode Prior to 14.1 Vulnerabilities (HT213496)
- 502550 Alpine Linux Security Update for git
- 502551 Alpine Linux Security Update for git
- 502552 Alpine Linux Security Update for git
- 502553 Alpine Linux Security Update for git
- 502726 Alpine Linux Security Update for git
- 505620 Alpine Linux Security Update for git
- 672479 EulerOS Security Update for git (EulerOS-SA-2023-1009)
- 672505 EulerOS Security Update for git (EulerOS-SA-2023-1034)
- 672527 EulerOS Security Update for git (EulerOS-SA-2023-1123)
- 672572 EulerOS Security Update for git (EulerOS-SA-2023-1099)
- 672591 EulerOS Security Update for git (EulerOS-SA-2023-1314)
- 672632 EulerOS Security Update for git (EulerOS-SA-2023-1356)
- 672657 EulerOS Security Update for git (EulerOS-SA-2023-1384)
- 672784 EulerOS Security Update for git (EulerOS-SA-2023-1502)
- 690963 Free Berkeley Software Distribution (FreeBSD) Security Update for git (2523bc76-4f01-11ed-929b-002590f2a714)
- 710816 Gentoo Linux Git Multiple Vulnerabilities (GLSA 202312-15)
- 752782 SUSE Enterprise Linux Security Update for git (SUSE-SU-2022:3931-1)
- 752937 SUSE Enterprise Linux Security Update for git (SUSE-SU-2022:4271-1)
- 753699 SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:0418-1)
- 941032 AlmaLinux Security Update for git (ALSA-2023:2319)
- 941077 AlmaLinux Security Update for git (ALSA-2023:2859)