CVE-2022-23521

{"id": "CVE-2022-23521", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-17T23:15:15.580", "references": [{"url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://security.gentoo.org/glsa/202312-15", "source": "security-advisories@github.com"}, {"url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202312-15", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue."}, {"lang": "es", "value": "Git es un sistema de control de revisiones distribuido. Los gitattributes son un mecanismo que permite definir atributos para las rutas. Estos atributos se pueden definir agregando un archivo `.gitattributes` al repositorio, que contiene un conjunto de patrones de archivos y los atributos que deben establecerse para las rutas que coincidan con este patr\u00f3n. Al analizar gitattributes, pueden ocurrir m\u00faltiples desbordamientos de enteros cuando hay una gran cantidad de patrones de ruta, una gran cantidad de atributos para un solo patr\u00f3n o cuando los nombres de atributos declarados son enormes. Estos desbordamientos se pueden desencadenar a trav\u00e9s de un archivo `.gitattributes` manipulado que puede ser parte del historial de confirmaciones. Git divide silenciosamente l\u00edneas de m\u00e1s de 2 KB cuando analiza los atributos de git de un archivo, pero no cuando los analiza desde el \u00edndice. En consecuencia, el modo de falla depende de si el archivo existe en el \u00e1rbol de trabajo, en el \u00edndice o en ambos. Este desbordamiento de enteros puede provocar lecturas y escrituras arbitrarias en el almacenamiento din\u00e1mico, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo. El problema ha sido solucionado en las versiones publicadas el 17-01-2023, remont\u00e1ndose a la v2.30.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema."}], "lastModified": "2024-11-21T06:48:44.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D0B133C-FC2B-4CBF-8840-C85F6D650510", "versionEndIncluding": "2.30.6"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA5113C4-D095-4E76-A6C6-F849E11DFA9D", "versionEndIncluding": "2.31.5", "versionStartIncluding": "2.31.0"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B82E8E87-1083-45B9-A273-E6AB31548D56", "versionEndIncluding": "2.32.4", "versionStartIncluding": "2.32.0"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9162726-CACE-4CB9-ACDE-204655D6BB3B", "versionEndIncluding": "2.33.5", "versionStartIncluding": "2.33.0"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65D149AF-5604-4109-A60B-CB7B5BBBEE87", "versionEndIncluding": "2.34.5", "versionStartIncluding": "2.34.0"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "383C057B-98D3-4AC6-9D43-AE13CC81FEC4", "versionEndIncluding": "2.35.5", "versionStartIncluding": "2.35.0"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B191BB2-D3C9-440D-8F7F-237BE0CBDB96", "versionEndIncluding": "2.36.3", "versionStartIncluding": "2.36.0"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3F7AE8C-A383-442C-8E74-7BC13E8B251D", "versionEndIncluding": "2.37.4", "versionStartIncluding": "2.37.0"}, {"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28F8851A-1566-4F16-AEC4-2C09AC866C2A", "versionEndIncluding": "2.38.2", "versionStartIncluding": "2.38.0"}, {"criteria": "cpe:2.3:a:git-scm:git:2.39.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC98AC76-7F3E-45A0-9DE6-3D097CEE5199"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}