![]() gitattributes file is parsed from the index, since git splits lines longer than 2KB when parsing gitattributes from a file.īoth vulnerabilities have mitigations, which consists in not using the affected features, but the suggested solution is upgrading to the latest Git version.Īdditionally, the Git project has also disclosed a Windows-specific high severity vulnerability affecting Git GUI. ![]() This vulnerability specifically requires that the. gitattributes file that may be part of the commit history. These overflows can be triggered via a crafted. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. Gitattributes can be used, for example, to specify which files should be treated as binary, what language to use for syntax highlighting, and so on. ![]() It affects the gitattributes mechanism, which allows to assign specific attributes to paths matching certain attributes, as specified in a. The other critical vulnerability, with identifier CVE-2022-23521, was discovered by Markus Vervier and Eric Sesterhenn of X41 D-Sec. It can also be triggered indirectly by running the git archive command using the export-subst gitattribute, which expands format specifiers inside of files within the repository. command supplying a malicious format specifiers. The vulnerability can be triggered by running the git log -format=. When processing the padding operators (e.g., %(, %>(, or %><( ), an integer overflow can occur in pretty.c::format_and_pad_commit() where a size_t is improperly stored as an int, and then added as an offset to a subsequent memcpy() call. It affects the git log command when using the -format option to customize the log format: One of the vulnerabilities, which was discovered by Joern Schneeweisz of GitLab, received the CVE-2022-41903 CVE identifier. Both may lead to remote code execution, so users are required to upgrade immediately to Git 2.39.1. gitattributes parsing in Git versions up to and including Git 2.39 have been recently patched. ![]() Two vulnerabilities affecting Git's commit log formatting and. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |