FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 8fafbef4-b1d9-11ed-b0f4-002590f2a714
Description: git -- gitattributes parsing integer overflow

git team reports:

gitattributes are used to define unique attributes corresponding to paths in your repository. These attributes are defined by .gitattributes file(s) within your repository.

The parser used to read these files has multiple integer overflows, which can occur when parsing either a large number of patterns, a large number of attributes, or attributes with overly-long names.

These overflows may be triggered via a malicious .gitattributes file. However, Git automatically splits lines at 2KB when reading .gitattributes from a file, but not when parsing it from the index. Successfully exploiting this vulnerability depends on the location of the .gitattributes file in question.

This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution.


Discovery: 2023-01-17
Entry: 2023-02-21
Affected: git < 2.39.1

CVE-2022-23521
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-23521