Critical Vulnerabilities Affecting Git

Published on 18 Jan 2023

Updated on 18 Jan 2023

Git has released security updates to address two critical vulnerabilities (CVE-2022-41903 and CVE-2022-23521) affecting Git. Both vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.

Successful exploitation of these vulnerabilities could allow an attacker to trigger heap-based buffer overflows, which may result in remote code execution.

The vulnerabilities affect the following versions of Git:

  • v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, v2.39.0, and any prior versions

GitLab Community Edition (CE) and Enterprise Edition (EE) are also affected.

Administrators and users of affected versions are strongly advised to upgrade to the latest version immediately.
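As an added example, not part of the advisory, the following Python check classifies a Git version string against the affected versions listed above (each maintenance line up to the stated patch release, plus any older line). It only reads the version number, so it assumes an upstream build; the `git --version` invocation in `check_local_git` is the only assumption about the local system.

```python
import re
import subprocess

# Highest affected patch release per maintenance line, taken from the advisory:
# "v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4,
#  v2.38.2, v2.39.0, and any prior versions".
LAST_AFFECTED = {
    (2, 30): 6, (2, 31): 5, (2, 32): 4, (2, 33): 5, (2, 34): 5,
    (2, 35): 5, (2, 36): 3, (2, 37): 4, (2, 38): 2, (2, 39): 0,
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_git_version(output):
    """Extract (major, minor, patch) from `git --version` output.

    Tolerates vendor suffixes, e.g. 'git version 2.37.1 (Apple Git-137.1)'
    or 'git version 2.39.0.windows.1' (constructed sample strings)."""
    match = VERSION_RE.search(output)
    if not match:
        raise ValueError(f"no version number found in: {output!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True if the version falls inside the advisory's affected range."""
    major, minor, patch = version
    line = (major, minor)
    if line in LAST_AFFECTED:
        # Within a listed maintenance line, everything up to and including
        # the named release is affected; the next patch release is the fix.
        return patch <= LAST_AFFECTED[line]
    # Lines older than 2.30 are "prior versions" with no fixed release.
    # Lines newer than 2.39 were cut after the fix and are not listed.
    return line < (2, 30)


def check_local_git():
    """Run `git --version` on this host and classify the result."""
    out = subprocess.run(["git", "--version"], capture_output=True,
                         text=True, check=True).stdout
    version = parse_git_version(out)
    return version, is_affected(version)


if __name__ == "__main__":
    version, affected = check_local_git()
    print("git %d.%d.%d: %s" % (*version, "AFFECTED" if affected else "ok"))
```

Distribution packages often carry backported fixes without bumping the upstream version number, so a hit from this check on a distro-packaged Git should be confirmed against that distribution's own advisory.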

More information is available here:

https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/

https://about.gitlab.com/releases/2023/01/17/critical-security-release-gitlab-15-7-5-released/

https://www.bleepingcomputer.com/news/security/git-patches-two-critical-remote-code-execution-security-flaws/