In a sponsored security source code audit, security experts from X41 D-SEC GmbH (Eric Sesterhenn and Markus Vervier) and GitLab (Joern Schneeweisz) found two notable critical flaws in Git's code. A vulnerability on Git could generally compromise source code repositories and developer systems, but "wormable" ones could result in large-scale breaches, according to the high-level audit report. Microsoft defines a flaw as "wormable" if it doesn’t rely on human interaction, instead it allows malware to spread from one vulnerable system to another.
The two critical flaws, tracked as CVE-2022-23521 and CVE-2022-41903, could allow threat actors to potentially run malware after taking advantage of overflow weaknesses in a system's memory.
A total of eight vulnerabilities were found in Git's code. On top of the critical ones we mentioned, the experts also found one rated medium, one high, and four rated low severity. 27 other issues found don’t have a direct security impact.
A copy of the full audit report from X41 and GitLab can be found here.
Recommendation and workaround
The easiest way to protect against exploits of these critical vulnerabilities is to upgrade to the latest Git release, which is version 2.39.1, as well as update your GitLab instance to one of these versions: 15.7.5, 15.6.6, and 15.5.9.
Version 2.39.1 of Git for Windows also addresses the flaw tracked as CVE-2022-41953.
The researchers recommend those using Git continue to use safe wrappers and develop strategies to mitigate common memory safety issues. They also discouraged storing length values to signed integer typed variables.
"Introducing generic hardenings such as sanity checks on data input length, and the use of safe wrappers can improve the security of the software in the short term. The usage of signed integer typed variables to store length values should be banned. Additionally, the software could benefit from compiler level checks regarding the use of integer and long variable types for length and size values. Enabling the related compiler warnings during the build process can help identify the issues early in the development process."
Per BleepingComputer, users who cannot upgrade to address CVE-2022-41903 may want to apply this workaround instead:
- Disable 'git archive' in untrusted repositories or avoid running the command on untrusted repos
- If 'git archive' is exposed via 'git daemon,' disable it when working with untrusted repositories by running the 'git config --global daemon.uploadArch false' command
CVE-2022-23521: Truncated Allocation Leading to Out-of-bounds (OOB) Write
An OOB Write occurs when software writes data at the beginning or end of a buffer, resulting to data corruption, a system crash, or code execution. OOB Write is a flaw classed as a heap-based buffer overflow.
This flaw triggers when Git parses a crafted .gitattributes file that may be part of a commit history, causing multiple integer overflows (also known as wraparounds). This means the program is trying to store a huge value or number more than an integer type can store.
If this happens, OOB reads and writes can occur, which could then lead to remote code execution.
CVE-2022-41903: OOB Write in Log Formatting
This flaw is found in Git’s commit-formatting mechanism, which displays arbitrary information on commits. When Git processes a padding operator, an integer overflow can occur. OOB reads and writes can occur out of the overflow, leading to remote code execution if exploited.
A detailed, technical dive into these vulnerabilities are in the full audit report.
We don't just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.