Git has fixed two critical vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow vulnerabilities. Additionally, a third Windows-specific vulnerability affecting Git’s GUI tool, caused by a vulnerability in the untrusted search path, allows unauthenticated attackers to perform low-complexity attacks on untrusted code. Users are advised to update to the latest version, especially if they are using “git archive” or Git GUI on Windows.
In a blog post published on Wednesday, the Git team notes that the first two vulnerabilities affect Git’s commit formatting mechanism and the .gitattributes parser, respectively. The first bug (CVE-2022-41903) can be exploited to perform arbitrary writes to the heap, while the second (CVE-2022-23521) can also be exploited to perform arbitrary reads. Both errors can cause arbitrary code execution, so users should update immediately. Both issues were also discovered during an X41 review of the Git code base.
The most severe issue discovered allows an attacker to trigger heap-based memory corruption during clone or pull operations, which could lead to code execution. Another critical bug allows code to run during a check-in operation, commonly performed by git forges, X41 security researchers said. This audit was sponsored by OSTIF (Open Source Technology Improvement Fund). Patches were written by engineers from the GitLab Security Research Team, GitHub engineers, and mailing list members git security.
According to the Git team, the Windows-specific issue (CVE-2022-41953) is a search for $PATH including the current working directory that can be exploited to execute arbitrary code when cloning repos using Git’s GUI . Below is more information on vulnerabilities and fixes.
CVE-2022-41903
The first set of updates affects Git’s commit formatting mechanism, which is used to display arbitrary information about commits, as in git log –format. When processing one of the padding operators (e.g. %<(, %>(, etc.) a large shift may result in an integer overflow. This error can be thrown directly via git log –format .
It can also be triggered indirectly via Git’s export-subst mechanism, which applies formatting modifiers to selected files when using the Git archive. This integer overflow can cause random reads and writes to the heap, which can lead to remote code execution.
CVE-2022-23521
Git attributes (.gitattributes) are used to define unique attributes that correspond to paths in your repository. These attributes are defined by one or more .gitattributes files in your repository. The parser used to read these files has several integer overflows that can occur when parsing a large number of patterns, a large number of attributes, or attributes with names that are too long. These overflows can be triggered by a malicious .gitattributes file.
However, Git automatically splits 2KB rows when reading .gitattributes from a file, but not when parsing from the index. Successful exploitation of this vulnerability depends on the location of the affected .gitattributes file. As in the previous case, this integer overflow can result in random reads and writes to the heap, which can lead to remote code execution.
CVE-2022-41953
After cloning a repository, the Git GUI automatically applies some post-processing to the resulting checkout, including running a spell check if available. A Windows-specific vulnerability causes the Git GUI to look for the spell checker in the newly checked out working tree, which may lead to the execution of untrusted code.
Update to the latest version of Git
In any case, according to the team, the most effective defense against attacks that try to exploit these vulnerabilities is to update to the latest version of Git (v2.39.1). If you can’t upgrade right away, reduce your risk by taking the following steps:
- Avoid calling the –format mechanism directly with known operators, and avoid running Git archives in untrusted repositories;
- If you make the Git archive available via the Git daemon, consider disabling it when working with untrusted repositories by running git config –global daemon.uploadArch false;
- Avoid using the Git GUI on Windows when cloning untrusted repositories.
Source: GitHub
And you?
What is your opinion on the topic?
See also
GitHub Copilot, the AI-based programming assistant, is being fired at by critics. A developer claims that he has copyrighted many parts of his code
A teacher points to GitHub Copilot as the perfect tool for cheaters in coding assessments, raising fears that AI will wipe out the developer profession
GitHub will now use the term main instead of master to denote the default branch of projects, thereby breaking down racial stereotypes on the platform