FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2fcca7e4-b1d7-11ed-b0f4-002590f2a714git -- Heap overflow in `git archive`, `git log --format` leading to RCE

The git team reports:

git log has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute.

When processing the padding operators (e.g., %<(, %<|(, %>(, %>>(, or %><( ), an integer overflow can occur in pretty.c::format_and_pad_commit() where a size_t is improperly stored as an int, and then added as an offset to a subsequent memcpy() call.

This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive.

This integer overflow can result in arbitrary heap writes, which may result in remote code execution.


Discovery 2023-01-17
Entry 2023-02-21
git
< 2.39.1

CVE-2022-41903
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-41903
8fafbef4-b1d9-11ed-b0f4-002590f2a714git -- gitattributes parsing integer overflow

git team reports:

gitattributes are used to define unique attributes corresponding to paths in your repository. These attributes are defined by .gitattributes file(s) within your repository.

The parser used to read these files has multiple integer overflows, which can occur when parsing either a large number of patterns, a large number of attributes, or attributes with overly-long names.

These overflows may be triggered via a malicious .gitattributes file. However, Git automatically splits lines at 2KB when reading .gitattributes from a file, but not when parsing it from the index. Successfully exploiting this vulnerability depends on the location of the .gitattributes file in question.

This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution.


Discovery 2023-01-17
Entry 2023-02-21
git
< 2.39.1

CVE-2022-23521
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-23521
d2c6173f-e43b-11ed-a1d7-002590f2a714git -- Multiple vulnerabilities

git developers reports:

This update includes 2 security fixes:

  • CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch)
  • CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug that can be used to inject arbitrary configuration into user's git config. This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on

Discovery 2023-04-25
Entry 2023-04-26
git
< 2.40.1

git-lite
< 2.40.1

git-tiny
< 2.40.1

CVE-2023-25652
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
CVE-2023-29007
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
9548d6ed-b1da-11ed-b0f4-002590f2a714git -- Local clone-based data exfiltration with non-local transports

git team reports:

Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (c.f., CVE-2022-39253), the objects directory itself may still be a symbolic link.

These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253.


Discovery 2023-02-14
Entry 2023-02-21
git
< 2.39.2

CVE-2023-22490
https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-22490
2523bc76-4f01-11ed-929b-002590f2a714git -- Multiple vulnerabilities

This release contains 2 security fixes:

CVE-2022-39253

When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default.

CVE-2022-39260

An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB.


Discovery 2022-06-09
Entry 2022-10-18
git
< 2.38.1

git-lite
< 2.38.1

git-tiny
< 2.38.1

CVE-2022-39253
CVE-2022-39260
https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
21f12de8-b1db-11ed-b0f4-002590f2a714git -- "git apply" overwriting paths outside the working tree

git team reports:

By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply".


Discovery 2023-02-14
Entry 2023-02-21
git
< 2.39.2

CVE-2023-23946
https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-23946
b99f99f6-021e-11ed-8c6f-000c29ffbb6cgit -- privilege escalation

The git project reports:

Git is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository.


Discovery 2022-07-12
Entry 2022-07-12
git
< 2.37.1

CVE-2022-29187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187