
Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)

January 19, 2023

A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development.

The latest git vulnerabilities

CVE-2022-41903 is an out-of-bounds memory write flaw in log formatting, and CVE-2022-23251 is a truncated allocation leading to an out-of-bounds write via a large number of attributes. Both may result in remote code execution.

More technical information about each of the flaws can be found in this post by X41 D-Sec security researchers Eric Sesterhenn and Markus Vervier. The two, along with GitLab security engineer Joern Schneeweisz, inspected git's source code both manually and with code analysis and fuzzing tools, and uncovered 35 security issues in total.
