Bugzilla – Bug 1204456
VUL-0: CVE-2022-39260: git: overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution
Last modified: 2023-02-15 14:33:13 UTC
CVE-2022-39260 Posted by Taylor Blau on Oct 18The Git project released new versions on 2022-10-18, addressing CVEs 2022-39253, 2022-39260. We highly recommend upgrading to one of the fixed versions below: v2.30.6 v2.31.5 v2.32.4 v2.33.5 v2.34.5 v2.35.5 v2.36.3 v2.37.4 v2.38.1 If you are on the unreleased development track, the same fix is already included, so you do not have to do anything. https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u The relevant information from the... CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 https://seclists.org/oss-sec/2022/q4/31
Created attachment 862255 [details] Upstream fix for CVE-2022-39260 Commit: 0ca6ead81edd4fb1984b69aae87c1189e3025530
This is an autogenerated message for OBS integration: This bug (1204456) was mentioned in https://build.opensuse.org/request/show/1031390 Factory / git
SUSE-SU-2022:3931-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1204455,1204456 CVE References: CVE-2022-39253,CVE-2022-39260 JIRA References: Sources used: openSUSE Leap 15.4 (src): git-2.35.3-150300.10.18.1 openSUSE Leap 15.3 (src): git-2.35.3-150300.10.18.1 SUSE Linux Enterprise Module for Development Tools 15-SP4 (src): git-2.35.3-150300.10.18.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): git-2.35.3-150300.10.18.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): git-2.35.3-150300.10.18.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): git-2.35.3-150300.10.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:4271-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1204455,1204456 CVE References: CVE-2022-39253,CVE-2022-39260 JIRA References: Sources used: SUSE OpenStack Cloud 8 (src): git-2.26.2-27.60.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): git-2.26.2-27.60.1 SUSE Linux Enterprise Server 12-SP5 (src): git-2.26.2-27.60.1 HPE Helion Openstack 8 (src): git-2.26.2-27.60.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0418-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1204455,1204456,1208027,1208028 CVE References: CVE-2022-39253,CVE-2022-39260,CVE-2023-22490,CVE-2023-23946 JIRA References: Sources used: openSUSE Leap 15.4 (src): git-2.26.2-150000.47.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): git-2.26.2-150000.47.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): git-2.26.2-150000.47.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): git-2.26.2-150000.47.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): git-2.26.2-150000.47.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): git-2.26.2-150000.47.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): git-2.26.2-150000.47.1 SUSE Enterprise Storage 7 (src): git-2.26.2-150000.47.1 SUSE CaaS Platform 4.0 (src): git-2.26.2-150000.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.