CVE-2023-29007

Published Apr 25, 2023

Last updated 5 months ago

Overview

Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
Source: security-advisories@github.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security-advisories@github.com: CWE-74

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2E4BF99-17B8-4424-B97E-DDB8A4793DAF",
            "versionEndExcluding": "2.30.9"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A1D7F29-E06F-4277-8713-1C19DE714300",
            "versionEndExcluding": "2.31.8",
            "versionStartIncluding": "2.31.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B69F022-B29E-4D9A-B4FC-78430AFF0C9C",
            "versionEndExcluding": "2.32.7",
            "versionStartIncluding": "2.32.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A2B603F-B8E2-4123-80A4-64E983FF1F86",
            "versionEndExcluding": "2.33.8",
            "versionStartIncluding": "2.33.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26D3ED4E-246E-4D4D-9E2D-7890E93ECED8",
            "versionEndExcluding": "2.34.8",
            "versionStartIncluding": "2.34.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3988013-1332-49F8-85E7-7EB59BE36A63",
            "versionEndExcluding": "2.35.8",
            "versionStartIncluding": "2.35.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0588D372-41D2-442E-976E-6B24DB1A1EC6",
            "versionEndExcluding": "2.36.5",
            "versionStartIncluding": "2.36.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "030542CA-76BF-4252-9E03-D7E44D3DEE19",
            "versionEndExcluding": "2.37.7",
            "versionStartIncluding": "2.37.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EAEE109-8AD8-4383-AAC3-E9D2A4794F8B",
            "versionEndExcluding": "2.38.5",
            "versionStartIncluding": "2.38.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE329F8E-076F-4895-A2A2-A1C0330C1F6F",
            "versionEndExcluding": "2.39.3",
            "versionStartIncluding": "2.39.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:2.40.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89633B46-319A-499C-9848-2EA60AC030EB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References