{"api_version":"1","generated_at":"2026-04-23T06:21:42+00:00","cve":"CVE-2022-39260","urls":{"html":"https://cve.report/CVE-2022-39260","api":"https://cve.report/api/cve/CVE-2022-39260.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-39260","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-39260"},"summary":{"title":"CVE-2022-39260","description":"Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-10-19 12:15:00","updated_at":"2023-12-27 10:15:00"},"problem_types":["CWE-787","CWE-122"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2022/Nov/1","name":"20221107 APPLE-SA-2022-11-01-1 Xcode 14.1","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-11-01-1 Xcode 14.1","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/","name":"FEDORA-2022-53aadd995f","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: git-2.38.1-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6","name":"https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6","refsource":"CONFIRM","tags":[],"title":"Heap overflow in `git shell` leading to RCE · Advisory · git/git · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/","name":"FEDORA-2022-53aadd995f","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: git-2.38.1-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/","name":"FEDORA-2022-8b58806840","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: git-2.38.1-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html","name":"[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3239-1] git security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202312-15","name":"GLSA-202312-15","refsource":"","tags":[],"title":"Git: Multiple Vulnerabilities (GLSA 202312-15) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/","name":"FEDORA-2022-fb088df94c","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: git-2.38.1-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213496","name":"https://support.apple.com/kb/HT213496","refsource":"CONFIRM","tags":[],"title":"About the security content of Xcode 14.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/","name":"FEDORA-2022-8b58806840","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: git-2.38.1-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/","name":"FEDORA-2022-fb088df94c","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: git-2.38.1-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-39260","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39260","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"39260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"xcode","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"39260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"39260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"39260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"39260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"39260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"git-scm","cpe5":"git","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"39260","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"git-scm","cpe5":"git","cpe6":"2.38.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-39260","qid":"160630","title":"Oracle Enterprise Linux Security Update for git (ELSA-2023-2319)"},{"cve":"CVE-2022-39260","qid":"160657","title":"Oracle Enterprise Linux Security Update for git (ELSA-2023-2859)"},{"cve":"CVE-2022-39260","qid":"181320","title":"Debian Security Update for git (DLA 3239-1)"},{"cve":"CVE-2022-39260","qid":"181321","title":"Debian Security Update for git (DLA 3239-2)"},{"cve":"CVE-2022-39260","qid":"181518","title":"Debian Security Update for git (DSA 5332-1)"},{"cve":"CVE-2022-39260","qid":"182489","title":"Debian Security Update for git (CVE-2022-39260)"},{"cve":"CVE-2022-39260","qid":"198993","title":"Ubuntu Security Notification for Git Vulnerabilities (USN-5686-1)"},{"cve":"CVE-2022-39260","qid":"199040","title":"Ubuntu Security Notification for Git Vulnerabilities (USN-5686-3)"},{"cve":"CVE-2022-39260","qid":"241436","title":"Red Hat Update for git (RHSA-2023:2319)"},{"cve":"CVE-2022-39260","qid":"241487","title":"Red Hat Update for git (RHSA-2023:2859)"},{"cve":"CVE-2022-39260","qid":"242859","title":"Red Hat Update for git (RHSA-2024:0407)"},{"cve":"CVE-2022-39260","qid":"283258","title":"Fedora Security Update for git (FEDORA-2022-8b58806840)"},{"cve":"CVE-2022-39260","qid":"283271","title":"Fedora Security Update for git (FEDORA-2022-53aadd995f)"},{"cve":"CVE-2022-39260","qid":"283469","title":"Fedora Security Update for git (FEDORA-2022-fb088df94c)"},{"cve":"CVE-2022-39260","qid":"354134","title":"Amazon Linux Security Advisory for git : ALAS2-2022-1886"},{"cve":"CVE-2022-39260","qid":"354246","title":"Amazon Linux Security Advisory for git : ALAS-2022-1653"},{"cve":"CVE-2022-39260","qid":"354335","title":"Amazon Linux Security Advisory for git : ALAS2022-2022-254"},{"cve":"CVE-2022-39260","qid":"354580","title":"Amazon Linux Security Advisory for git : ALAS-2022-254"},{"cve":"CVE-2022-39260","qid":"355061","title":"Amazon Linux Security Advisory for git : AL2012-2023-385"},{"cve":"CVE-2022-39260","qid":"355256","title":"Amazon Linux Security Advisory for git : ALAS2023-2023-065"},{"cve":"CVE-2022-39260","qid":"377735","title":"Apple Xcode Prior to 14.1 Vulnerabilities (HT213496)"},{"cve":"CVE-2022-39260","qid":"502550","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-39260","qid":"502551","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-39260","qid":"502552","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-39260","qid":"502553","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-39260","qid":"502726","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-39260","qid":"505620","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2022-39260","qid":"672479","title":"EulerOS Security Update for git (EulerOS-SA-2023-1009)"},{"cve":"CVE-2022-39260","qid":"672505","title":"EulerOS Security Update for git (EulerOS-SA-2023-1034)"},{"cve":"CVE-2022-39260","qid":"672527","title":"EulerOS Security Update for git (EulerOS-SA-2023-1123)"},{"cve":"CVE-2022-39260","qid":"672572","title":"EulerOS Security Update for git (EulerOS-SA-2023-1099)"},{"cve":"CVE-2022-39260","qid":"672591","title":"EulerOS Security Update for git (EulerOS-SA-2023-1314)"},{"cve":"CVE-2022-39260","qid":"672632","title":"EulerOS Security Update for git (EulerOS-SA-2023-1356)"},{"cve":"CVE-2022-39260","qid":"672657","title":"EulerOS Security Update for git (EulerOS-SA-2023-1384)"},{"cve":"CVE-2022-39260","qid":"672784","title":"EulerOS Security Update for git (EulerOS-SA-2023-1502)"},{"cve":"CVE-2022-39260","qid":"690963","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for git (2523bc76-4f01-11ed-929b-002590f2a714)"},{"cve":"CVE-2022-39260","qid":"710816","title":"Gentoo Linux Git Multiple Vulnerabilities (GLSA 202312-15)"},{"cve":"CVE-2022-39260","qid":"752782","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2022:3931-1)"},{"cve":"CVE-2022-39260","qid":"752937","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2022:4271-1)"},{"cve":"CVE-2022-39260","qid":"753699","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:0418-1)"},{"cve":"CVE-2022-39260","qid":"941032","title":"AlmaLinux Security Update for git (ALSA-2023:2319)"},{"cve":"CVE-2022-39260","qid":"941077","title":"AlmaLinux Security Update for git (ALSA-2023:2859)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-39260","STATE":"PUBLIC","TITLE":"Git vulnerable to Remote Code Execution via Heap overflow in `git shell`"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"git","version":{"version_data":[{"version_value":"< 2.30.6"},{"version_value":"> 2.31.0, < 2.31.5"},{"version_value":"> 2.32.0, < 2.32.4"},{"version_value":"> 2.33.0, < 2.33.5"},{"version_value":"> 2.34.0, < 2.34.5"},{"version_value":"> 2.34.0, < 2.35.5"},{"version_value":"> 2.35.0, < 2.36.3"},{"version_value":"> 2.37.0, < 2.37.4"}]}}]},"vendor_name":"git"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround."}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-787: Out-of-bounds Write"}]},{"description":[{"lang":"eng","value":"CWE-122: Heap-based Buffer Overflow"}]}]},"references":{"reference_data":[{"name":"https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6","refsource":"CONFIRM","url":"https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6"},{"refsource":"FEDORA","name":"FEDORA-2022-8b58806840","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213496","url":"https://support.apple.com/kb/HT213496"},{"refsource":"FEDORA","name":"FEDORA-2022-53aadd995f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/"},{"refsource":"FULLDISC","name":"20221107 APPLE-SA-2022-11-01-1 Xcode 14.1","url":"http://seclists.org/fulldisclosure/2022/Nov/1"},{"refsource":"FEDORA","name":"FEDORA-2022-fb088df94c","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"}]},"source":{"advisory":"GHSA-rjr6-wcq6-83p6","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-10-19 12:15:00","lastModifiedDate":"2023-12-27 10:15:00","problem_types":["CWE-787","CWE-122"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:2.38.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.37.0","versionEndExcluding":"2.37.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.36.0","versionEndExcluding":"2.36.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.35.0","versionEndExcluding":"2.35.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.32.0","versionEndExcluding":"2.32.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionStartIncluding":"2.31.0","versionEndExcluding":"2.31.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*","versionEndExcluding":"2.30.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}