Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)

A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest git vulnerabilities CVE-2022-41903 is an out-of-bounds memory write flaw in log formatting and CVE-2022-23251 is a truncated allocation leading to out-of-bounds write via large number of attributes. Both may result in remote code execution. More technical info about each of the flaws can be found in this post by X41 D-Sec researchers … More →

The post …

attributes audit code code audit code execution collaborative software control control system critical critical vulnerabilities cve development distributed don't miss flaw flaws git github gitlab hot stuff info large latest log may memory open source out-of-bounds out-of-bounds write popular rce remote code remote code execution result security update software software development source code system technical truncated ubuntu version vulnerabilities vulnerability