The maintainers of the Git source code version control system have issued updates to address two critical vulnerabilities that could be exploited by an adversary to execute arbitrary code remotely.
Git versions v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0 are affected by CVE-2022-23521 and CVE-2022-41903.
Patched versions include v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, and v2.39.1. Markus Vervier and Eric Sesterhenn of X41 D-Sec and Joern Schneeweisz of GitLab are credited with reporting the vulnerabilities.
“The most severe vulnerability discovered allows an attacker to cause heap-based memory corruption during clone or pull operations, which could lead to code execution,” the German cybersecurity firm said of CVE-2022-23521.
CVE-2022-41903, likewise rated critical, is triggered during an archive operation and can result in code execution via an integer overflow that occurs when formatting commit logs.
In addition, X41 D-Sec identified a large number of integer-related issues that could lead to denial-of-service conditions, out-of-bounds reads, or poorly handled corner cases on large input.
Git recommends that users disable “git archive” in untrusted repositories as a mitigation for CVE-2022-41903 where updating to a patched version is not possible.
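As an added example (not code from the article, the Git project, or X41), the POSIX shell check below classifies an installed Git version against the fixed releases listed above, so an administrator can tell whether the git archive mitigation still applies. The per-series table is the article's list of patched versions; any series the article does not list (such as 2.38) is reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example: classify a Git version against the patched releases
# named in the article. Versions are compared per minor series.

# Minimum patched release for each minor series, as listed in the article.
# Series not listed there return an empty string (status "unknown").
patched_for_series() {
    case "$1" in
        2.30) echo 7 ;;
        2.31) echo 6 ;;
        2.32) echo 5 ;;
        2.33) echo 6 ;;
        2.34) echo 6 ;;
        2.35) echo 6 ;;
        2.36) echo 4 ;;
        2.37) echo 5 ;;
        2.39) echo 1 ;;
        *)    echo "" ;;
    esac
}

# git_version_status "2.37.4"  ->  prints patched | vulnerable | unknown
# Accepts a leading "v" and build suffixes such as "2.39.1.windows.1".
git_version_status() {
    ver=${1#v}
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;           # "2.39" with no patch number means .0
    esac
    patch=${patch%%[!0-9]*}       # strip anything after the patch digits
    [ -n "$patch" ] || patch=0
    need=$(patched_for_series "$major.$minor")
    if [ -z "$need" ]; then
        echo unknown
    elif [ "$patch" -ge "$need" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Check the locally installed binary (skipped if git is absent).
line=$(git --version 2>/dev/null || true)
if [ -n "$line" ]; then
    status=$(git_version_status "${line##* }")
    echo "git ${line##* }: $status"
    [ "$status" = patched ] || echo "Mitigation: do not run git archive on untrusted repositories until upgraded"
fi
```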
In a coordinated advisory, GitLab announced that it has released versions 15.7.5, 15.6.6, and 15.5.9 of GitLab Community Edition (CE) and Enterprise Edition (EE) to address the vulnerabilities, and urged customers to apply the fixes immediately.