CVE-2022-41903

Summary

CVE	CVE-2022-41903
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-01-17 23:15:00 UTC
Updated	2023-12-27 10:15:00 UTC
Description	Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Git-scm	Git	2.39.0	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All
Application	Git-scm	Git	All	All	All	All

References

Reference	Source	Link	Tags
Sync with 2.39.1 · git/git@508386c · GitHub	MISC	github.com
Git - pretty-formats Documentation	MISC	git-scm.com
Heap overflow in `git archive`, `git log --format` leading to RCE · Advisory · git/git · GitHub	MISC	github.com
Git: Multiple Vulnerabilities (GLSA 202312-15) — Gentoo security		security.gentoo.org
Git - Git Attributes	MISC	git-scm.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160443 Oracle Enterprise Linux Security Update for git (ELSA-2023-0610)
160446 Oracle Enterprise Linux Security Update for git (ELSA-2023-0611)
160487 Oracle Enterprise Linux Security Update for git (ELSA-2023-0978)
181505 Debian Security Update for git (DLA 3282-1)
181518 Debian Security Update for git (DSA 5332-1)
184763 Debian Security Update for git (CVE-2022-41903)
199108 Ubuntu Security Notification for Git Vulnerabilities (USN-5810-1)
199516 Ubuntu Security Notification for Git Vulnerabilities (USN-5810-3)
199582 Ubuntu Security Notification for Git Vulnerabilities (USN-5810-4)
241158 Red Hat Update for git (RHSA-2023:0596)
241161 Red Hat Update for rh-git227-git (RHSA-2023:0597)
241163 Red Hat Update for git (RHSA-2023:0611)
241166 Red Hat Update for git (RHSA-2023:0610)
241170 Red Hat Update for git (RHSA-2023:0627)
241174 Red Hat Update for git (RHSA-2023:0628)
241224 Red Hat Update for git (RHSA-2023:0978)
241611 Red Hat Update for git (RHSA-2023:0599)
241642 Red Hat Update for git (RHSA-2023:0609)
257225 CentOS Security Update for git (CESA-2023:0978)
283618 Fedora Security Update for git (FEDORA-2023-9718cc6113)
283619 Fedora Security Update for git (FEDORA-2023-746c4aacce)
354718 Amazon Linux Security Advisory for git : ALAS-2023-1679
354733 Amazon Linux Security Advisory for git : ALAS2-2023-1923
355061 Amazon Linux Security Advisory for git : AL2012-2023-385
355256 Amazon Linux Security Advisory for git : ALAS2023-2023-065
377913 Git Multiple Security Vulnerabilities
377997 Alibaba Cloud Linux Security Update for git (ALINUX3-SA-2023:0020)
378118 Alibaba Cloud Linux Security Update for git (ALINUX2-SA-2023:0012)
502636 Alpine Linux Security Update for git
502638 Alpine Linux Security Update for git
502639 Alpine Linux Security Update for git
502727 Alpine Linux Security Update for git
503106 Alpine Linux Security Update for git
505872 Alpine Linux Security Update for git
672708 EulerOS Security Update for git (EulerOS-SA-2023-1466)
672737 EulerOS Security Update for git (EulerOS-SA-2023-1441)
672793 EulerOS Security Update for git (EulerOS-SA-2023-1548)
672811 EulerOS Security Update for git (EulerOS-SA-2023-1523)
672868 EulerOS Security Update for git (EulerOS-SA-2023-1594)
672898 EulerOS Security Update for git (EulerOS-SA-2023-1757)
672902 EulerOS Security Update for git (EulerOS-SA-2023-1779)
673069 EulerOS Security Update for git (EulerOS-SA-2023-2145)
691068 Free Berkeley Software Distribution (FreeBSD) Security Update for git (2fcca7e4-b1d7-11ed-b0f4-002590f2a714)
710816 Gentoo Linux Git Multiple Vulnerabilities (GLSA 202312-15)
753543 SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:0109-1)
753549 SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:0110-1)
753550 SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:0108-1)
905274 Common Base Linux Mariner (CBL-Mariner) Security Update for git (13016)
905275 Common Base Linux Mariner (CBL-Mariner) Security Update for git (13026)
905477 Common Base Linux Mariner (CBL-Mariner) Security Update for git (13016-1)
907379 Common Base Linux Mariner (CBL-Mariner) Security Update for git (13026-1)
940913 AlmaLinux Security Update for git (ALSA-2023:0610)
940915 AlmaLinux Security Update for git (ALSA-2023:0611)
960534 Rocky Linux Security Update for git (RLSA-2023:0611)
960568 Rocky Linux Security Update for git (RLSA-2023:0610)