CVE-2022-41903 & CVE-2022-23521: Critical RCE flaws in Git
The maintainers of the fast, scalable, distributed revision control system Git have issued patches for two critical remote code execution vulnerabilities affecting its releases.
Tracked as CVE-2022-41903 (CVSS 9.9/10 severity), the security flaw can be exploited by sending specially-crafted input. It is caused by an integer overflow when processing padding operators, which allows a remote attacker to execute arbitrary code on the system.
“When processing the padding operators (e.g., %<(, %<|(, %>(, %>>(, or %><( ), an integer overflow can occur in pretty.c::format_and_pad_commit() where a size_t is improperly stored as an int, and then added as an offset to a subsequent memcpy() call,” Git said in an advisory. “This integer overflow can result in arbitrary heap writes, which may result in remote code execution.”
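The narrowing the advisory describes, shown as an added illustration that is constructed for this article and is not code from Git's pretty.c: a size_t width stored in an int goes negative once it exceeds INT_MAX, so any offset derived from it is wrong, whereas keeping the arithmetic in size_t and bounding it against the destination buffer rejects such input before memcpy() runs.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (constructed): the requested width is narrowed to int,
 * so widths above INT_MAX become negative on common toolchains (the
 * conversion is implementation-defined) and would then be used as an
 * offset into a heap buffer. */
static int offset_unchecked(size_t width)
{
    int w = (int)width;   /* silent narrowing: the bug class in the advisory */
    return w;             /* caller would add this to a memcpy() destination */
}

/* Hardened form: stay in size_t and bound the padded length by the
 * destination size, so no offset can point outside dst. Returns the
 * number of bytes written, or -1 when the width is rejected. */
static int pad_checked(char *dst, size_t dst_size, const char *src,
                       size_t len, size_t width)
{
    if (width < len)
        width = len;                 /* nothing to pad, just copy */
    if (width > dst_size)
        return -1;                   /* padded output would not fit */
    size_t pad = width - len;        /* cannot underflow: width >= len */
    memset(dst, ' ', pad);
    memcpy(dst + pad, src, len);     /* pad + len == width <= dst_size */
    return (int)width;
}

/* Convenience wrapper over a fixed 32-byte buffer for the checks below. */
static int demo_pad(const char *src, size_t width)
{
    char buf[32];
    return pad_checked(buf, sizeof buf, src, strlen(src), width);
}

int main(void)
{
    size_t huge = (size_t)INT_MAX + 1;
    printf("unchecked offset for width %zu: %d\n", huge, offset_unchecked(huge));
    printf("checked pad of \"abc\" to width 6: %d\n", demo_pad("abc", 6));
    printf("checked pad of \"abc\" to width %zu: %d\n", huge, demo_pad("abc", huge));
    return 0;
}
```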
For those unable to update their Git installations immediately, the maintainers recommend disabling “git archive in untrusted repositories. If you expose git archive via git daemon, disable it by running git config --global daemon.uploadArch false. If you do not, avoid running git archive directly on untrusted repositories.”
The second critical severity issue is tracked as CVE-2022-23521 (CVSS score of 9.8) and exists because of an integer overflow when parsing gitattributes. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Both security bugs impact the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0. Git v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, and v2.39.1 address these issues. All users are advised to upgrade to a current release as soon as possible.
Also, GitLab released versions 15.7.5, 15.6.6, and 15.5.9 for GitLab Community Edition (CE) and Enterprise Edition (EE) to fix CVE-2022-41903 & CVE-2022-23521. “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” GitLab noted.