September 25, 2023

GitLab has released patches for two critical security flaws in Git that allows attackers to remotely execute arbitrary code and take advantage of integer overflows.

The flaws, tracked as CVE-2022-41903 and CVE-2022-23521, were patched in the recent release, which includes all new Git versions released after v2.30.7.

The first flaw CVE-2022-41903 is due to service’s commit formatting component, which enables the display of commits in arbitrary formats, An integer overflow could occur when padding operators are processed which might result in arbitrary heap writes, which might allow threat actors to perform remote code execution.

Advertisements

The second flaw CVE-2022-22521 affects the way Git’s gitattributes parsing mechanism defines path attributes. Multiple integer overflows could result from parsing gitattributes in a number of circumstances.

These flaws were discovered as part of a security source code audit of Git sponsored by OSTIF by security experts from X41 and GitLab.

Upgrading to the most recent Git release (v2.39.1) is always the best method to guard against attacks that attempt to make use of these vulnerabilities.

Tags:

Leave a Reply

You may have missed

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023

Air Canada Reveals Data Exposure due to a Cyberattack

September 23, 2023

SandMan APT Group in action against Telcos

September 22, 2023
%d bloggers like this: