{"api_version":"1","generated_at":"2026-04-23T01:14:50+00:00","cve":"CVE-2023-25815","urls":{"html":"https://cve.report/CVE-2023-25815","api":"https://cve.report/api/cve/CVE-2023-25815.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25815","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25815"},"summary":{"title":"CVE-2023-25815","description":"In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\n\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-04-25 20:15:00","updated_at":"2023-12-27 10:15:00"},"problem_types":["CWE-22","CWE-134"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/04/25/2","name":"http://www.openwall.com/lists/oss-security/2023/04/25/2","refsource":"MISC","tags":[],"title":"oss-security - [ANNOUNCE] Git v2.40.1 and friends","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202312-15","name":"https://security.gentoo.org/glsa/202312-15","refsource":"","tags":[],"title":"Git: Multiple Vulnerabilities (GLSA 202312-15) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack","name":"https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack","refsource":"MISC","tags":[],"title":"Exploit 101 - Format Strings - BreakInSecurity","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: git-2.40.1-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 36 Update: git-2.40.1-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/msys2/MINGW-packages/pull/10461","name":"https://github.com/msys2/MINGW-packages/pull/10461","refsource":"MISC","tags":[],"title":"gettext: update to 0.21 by lazka · Pull Request #10461 · msys2/MINGW-packages · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8","name":"https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8","refsource":"MISC","tags":[],"title":"Git looks for localized messages in an unprivileged place · Advisory · git-for-windows/git · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html","name":"https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html","refsource":"MISC","tags":[],"title":"fprintf","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1","name":"https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1","refsource":"MISC","tags":[],"title":"Release Git for Windows 2.40.1 · git-for-windows/git · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: git-2.40.1-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25815","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25815","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"git_for_windows_project","cpe5":"git_for_windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-25815","qid":"160648","title":"Oracle Enterprise Linux Security Update for git (ELSA-2023-3245)"},{"cve":"CVE-2023-25815","qid":"160686","title":"Oracle Enterprise Linux Security Update for git (ELSA-2023-3246)"},{"cve":"CVE-2023-25815","qid":"199315","title":"Ubuntu Security Notification for Git Vulnerabilities (USN-6050-1)"},{"cve":"CVE-2023-25815","qid":"241548","title":"Red Hat Update for git (RHSA-2023:3248)"},{"cve":"CVE-2023-25815","qid":"241549","title":"Red Hat Update for git (RHSA-2023:3246)"},{"cve":"CVE-2023-25815","qid":"241550","title":"Red Hat Update for git (RHSA-2023:3243)"},{"cve":"CVE-2023-25815","qid":"241551","title":"Red Hat Update for git (RHSA-2023:3245)"},{"cve":"CVE-2023-25815","qid":"241552","title":"Red Hat Update for git (RHSA-2023:3247)"},{"cve":"CVE-2023-25815","qid":"241555","title":"Red Hat Update for rh-git227-git (RHSA-2023:3280)"},{"cve":"CVE-2023-25815","qid":"241596","title":"Red Hat Update for git (RHSA-2023:3192)"},{"cve":"CVE-2023-25815","qid":"283954","title":"Fedora Security Update for git (FEDORA-2023-d84a75ea52)"},{"cve":"CVE-2023-25815","qid":"283975","title":"Fedora Security Update for git (FEDORA-2023-003e7d2867)"},{"cve":"CVE-2023-25815","qid":"284158","title":"Fedora Security Update for git (FEDORA-2023-eaf1bdd5ae)"},{"cve":"CVE-2023-25815","qid":"296101","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 59.138.2 Missing (CPUJUL2023)"},{"cve":"CVE-2023-25815","qid":"378458","title":"Git for Windows Multiple Security Vulnerability"},{"cve":"CVE-2023-25815","qid":"378539","title":"Alibaba Cloud Linux Security Update for git (ALINUX3-SA-2023:0047)"},{"cve":"CVE-2023-25815","qid":"378588","title":"Microsoft Edge Based on Chromium Prior to 109.0.1518.115 Multiple Vulnerabilities"},{"cve":"CVE-2023-25815","qid":"502984","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2023-25815","qid":"502985","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2023-25815","qid":"502986","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2023-25815","qid":"502988","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2023-25815","qid":"503108","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2023-25815","qid":"505874","title":"Alpine Linux Security Update for git"},{"cve":"CVE-2023-25815","qid":"673170","title":"EulerOS Security Update for git (EulerOS-SA-2023-2312)"},{"cve":"CVE-2023-25815","qid":"673195","title":"EulerOS Security Update for git (EulerOS-SA-2023-2332)"},{"cve":"CVE-2023-25815","qid":"673209","title":"EulerOS Security Update for git (EulerOS-SA-2023-2354)"},{"cve":"CVE-2023-25815","qid":"673235","title":"EulerOS Security Update for git (EulerOS-SA-2023-2380)"},{"cve":"CVE-2023-25815","qid":"673529","title":"EulerOS Security Update for git (EulerOS-SA-2023-2641)"},{"cve":"CVE-2023-25815","qid":"673562","title":"EulerOS Security Update for git (EulerOS-SA-2023-3127)"},{"cve":"CVE-2023-25815","qid":"673708","title":"EulerOS Security Update for git (EulerOS-SA-2023-2683)"},{"cve":"CVE-2023-25815","qid":"710816","title":"Gentoo Linux Git Multiple Vulnerabilities (GLSA 202312-15)"},{"cve":"CVE-2023-25815","qid":"753944","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:2038-1)"},{"cve":"CVE-2023-25815","qid":"753957","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:2062-1)"},{"cve":"CVE-2023-25815","qid":"753961","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:2038-2)"},{"cve":"CVE-2023-25815","qid":"753972","title":"SUSE Enterprise Linux Security Update for git (SUSE-SU-2023:2081-1)"},{"cve":"CVE-2023-25815","qid":"92027","title":"Microsoft Visual Studio Security Updates for June 2023"},{"cve":"CVE-2023-25815","qid":"941120","title":"AlmaLinux Security Update for git (ALSA-2023:3246)"},{"cve":"CVE-2023-25815","qid":"941122","title":"AlmaLinux Security Update for git (ALSA-2023:3245)"},{"cve":"CVE-2023-25815","qid":"960936","title":"Rocky Linux Security Update for git (RLSA-2023:3246)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-25815","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\n\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweId":"CWE-22"}]},{"description":[{"lang":"eng","value":"CWE-134: Use of Externally-Controlled Format String","cweId":"CWE-134"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"git-for-windows","product":{"product_data":[{"product_name":"git","version":{"version_data":[{"version_affected":"=","version_value":"< 2.40.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8","refsource":"MISC","name":"https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8"},{"url":"https://github.com/msys2/MINGW-packages/pull/10461","refsource":"MISC","name":"https://github.com/msys2/MINGW-packages/pull/10461"},{"url":"https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack","refsource":"MISC","name":"https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack"},{"url":"https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1","refsource":"MISC","name":"https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1"},{"url":"https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html","refsource":"MISC","name":"https://pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html"},{"url":"http://www.openwall.com/lists/oss-security/2023/04/25/2","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/04/25/2"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/"}]},"source":{"advisory":"GHSA-9w66-8mq8-5vm8","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L","version":"3.1"}]}},"nvd":{"publishedDate":"2023-04-25 20:15:00","lastModifiedDate":"2023-12-27 10:15:00","problem_types":["CWE-22","CWE-134"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":2.2,"baseSeverity":"LOW"},"exploitabilityScore":0.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*","versionEndExcluding":"2.40.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}