Critical vulnerability in Git (check your GitLabs, Jenkinses and others)
Git has received its own critical vulnerability
The vulnerability scored 9.9/10 in the CVSS system
Second vulnerability
https://cve.report/CVE-2022-23521
GitLab has already released patches
https://about.gitlab.com/releases/2023/01/17/critical-security-release-gitlab-15-7-5-released/
The git-log command has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git-archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(, %>(, %>>(, or %><( ), an integer overflow can occur in pretty.c::format_and_pad_commit() where a size_t is improperly stored as an int, and then added as an offset to a subsequent memcpy() call.
This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git-archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive.
This integer overflow can result in arbitrary heap writes, which may result in remote code execution.
Before long we will probably hear about a few attacks using this exploit.
#programowanie #selfhosted
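The bug class the advisory describes (a size_t stored as an int, then folded into a memcpy() offset), shown as a constructed C model added here, not git's own pretty.c code. `narrowed_length` and `pad_append_checked` are illustrative names; the hardened variant shows the length checks that make the copy refuse oversized input instead of writing past the heap buffer.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the defect: a size_t length is stored in an int and
 * later used as a memcpy() offset. Simplified for illustration, not git code. */

/* Vulnerable pattern: the narrowing is silent. Any text_len above INT_MAX
 * comes back wrapped (negative on two's-complement targets), so an offset
 * computed from it no longer describes the destination buffer. */
int narrowed_length(size_t text_len) {
    int len = (int)text_len;
    return len;
}

/* Hardened pattern: keep every length as size_t, check each addition before
 * it happens, and refuse a copy that does not fit. `used` is the number of
 * bytes already in dst; the left-padded text is appended after them. */
bool pad_append_checked(char *dst, size_t dst_cap, size_t used,
                        const char *text, size_t text_len, size_t width) {
    size_t pad = width > text_len ? width - text_len : 0;
    if (pad > SIZE_MAX - text_len) return false;   /* pad + text_len would wrap */
    size_t need = pad + text_len;
    if (need > SIZE_MAX - used) return false;      /* used + need would wrap */
    size_t total = used + need;
    if (total >= dst_cap) return false;            /* leave room for the NUL */
    memset(dst + used, ' ', pad);
    memcpy(dst + used + pad, text, text_len);      /* offset proven in range */
    dst[total] = '\0';
    return true;
}

int main(void) {
    char buf[16] = "id=";
    printf("narrowed INT_MAX+1 -> %d\n", narrowed_length((size_t)INT_MAX + 1));
    if (pad_append_checked(buf, sizeof buf, 3, "abc", 3, 8))
        printf("ok: \"%s\"\n", buf);
    if (!pad_append_checked(buf, sizeof buf, 3, "abc", 3, SIZE_MAX))
        puts("rejected: padded width does not fit the buffer");
    return 0;
}
```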