March 20, 2023

GitLab has released patches for two critical security flaws in Git that allows attackers to remotely execute arbitrary code and take advantage of integer overflows.

The flaws, tracked as CVE-2022-41903 and CVE-2022-23521, were patched in the recent release, which includes all new Git versions released after v2.30.7.

The first flaw CVE-2022-41903 is due to service’s commit formatting component, which enables the display of commits in arbitrary formats, An integer overflow could occur when padding operators are processed which might result in arbitrary heap writes, which might allow threat actors to perform remote code execution.

Advertisements

The second flaw CVE-2022-22521 affects the way Git’s gitattributes parsing mechanism defines path attributes. Multiple integer overflows could result from parsing gitattributes in a number of circumstances.

These flaws were discovered as part of a security source code audit of Git sponsored by OSTIF by security experts from X41 and GitLab.

Upgrading to the most recent Git release (v2.39.1) is always the best method to guard against attacks that attempt to make use of these vulnerabilities.

Tags:

Leave a Reply

You may have missed

New Decryptor for Conti Ransomware Released

New Decryptor for Conti Ransomware Released

March 20, 2023
Royal Dirkzwager hit by Play Ransomware

Royal Dirkzwager hit by Play Ransomware

March 20, 2023
Trigona Ransomware Disection

Trigona Ransomware Disection

March 19, 2023
Makop Ransomware Disection

Makop Ransomware Disection

March 19, 2023
TheCyberThrone Security Week In Review – March 18th, 2023

TheCyberThrone Security Week In Review – March 18th, 2023

March 19, 2023
Hinata Bot – Go Based Bots

Hinata Bot – Go Based Bots

March 18, 2023
%d bloggers like this: