Bug 2162056 (CVE-2022-41903)
| Summary: | CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aeladawy, arachman, chazlett, fhirtz, hhorak, jbilling, jorton, jwon, kyoshida, lveyde, michal.skrivanek, mperina, mvanderw, opohorel, pjindal, rdey, rpalathi, sbonazzo, security-response-team, wadeck.follonier |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through the git archive via the export-subst mechanism, which expands format specifiers inside files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-02-10 04:07:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2162059, 2162060, 2162061, 2162062, 2162063, 2162064, 2162065, 2162066, 2162067, 2162068, 2162069, 2162070, 2162071, 2184002 | ||
| Bug Blocks: | 2161783 | ||
|
Description
Sandipan Roy
2023-01-18 17:01:57 UTC
Created git tracking bugs for this issue: Affects: fedora-36 [bug 2162065] Affects: fedora-37 [bug 2162066] Hello there, If it's not the correct location for this comment, please redirect me to a better place ;-) Do you have any ETA about the availability of the fix in the affected lines of your Docker images? UBI 7-9 are affected since more than 2 weeks, usually you are providing the corrections in a very reactive (and appreciated) way, making this one a bit weird (along with CVE-2022-23521). Also I saw that the score was moving from Critical to High and now back to Critical. In the meantime, do you have a workaround recommendation? Wadeck This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:0597 https://access.redhat.com/errata/RHSA-2023:0597 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0596 https://access.redhat.com/errata/RHSA-2023:0596 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0599 https://access.redhat.com/errata/RHSA-2023:0599 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:0609 https://access.redhat.com/errata/RHSA-2023:0609 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0611 https://access.redhat.com/errata/RHSA-2023:0611 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0610 https://access.redhat.com/errata/RHSA-2023:0610 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0627 https://access.redhat.com/errata/RHSA-2023:0627 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0628 https://access.redhat.com/errata/RHSA-2023:0628 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-41903 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:0978 https://access.redhat.com/errata/RHSA-2023:0978 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2023:1677 https://access.redhat.com/errata/RHSA-2023:1677 |