Git Users Advised to Update Software to Mitigate Remote Code Execution Vulnerabilities

Recent updates to the Git source code version control system have unveiled the presence of two critical vulnerabilities that expose users to the risk of remote code execution. The vulnerabilities, tracked as CVE-2022-23521 and CVE-2022-41903, affect multiple Git versions, creating significant concerns for organizations relying on the software.

Impacted versions include, among others, v2.30.6 through v2.39.0, with recently patched iterations aimed at mitigating these vulnerabilities ranging from v2.30.7 up to v2.39.1. The issues were brought to light by security researchers from X41 D-Sec and GitLab, who highlighted the potential exploit paths that could be leveraged by an attacker.

The first vulnerability, CVE-2022-23521, is particularly alarming as it allows threat actors to trigger heap-based memory corruption during clone or pull operations, which could potentially lead to arbitrary code execution. Meanwhile, CVE-2022-41903 arises during archive operations, stemming from an integer overflow when formatting commit logs, enabling a similar avenue for code execution.

As part of a comprehensive security advisory, X41 D-Sec also noted several related integer issues that might lead to denial-of-service conditions or out-of-bounds read scenarios, further increasing the urgency for an update among affected users. While there are no workarounds available for addressing CVE-2022-23521, Git has recommended that users disable the “git archive” command in environments where untrusted repositories are present to mitigate risks associated with CVE-2022-41903.

For businesses leveraging GitLab, coordinated updates have been released across various versions, including 15.7.5, 15.6.6, and 15.5.9, specifically addressing these vulnerabilities. GitLab urges immediate implementation of these patches to safeguard against the identified risks.

The potential implications of exploiting these vulnerabilities align with several tactics in the MITRE ATT&CK framework. Scenarios could involve adversaries employing techniques related to initial access, possibly through phishing or malicious repositories, with subsequent actions including privilege escalation derived from code execution gains. The disruption caused by denial-of-service conditions can also be classified under the tactic of impact, affecting organizational operations significantly.

In light of these developments, organizations must prioritize applying the latest updates to Git and GitLab to mitigate exposure to these critical vulnerabilities. As cyber threats continue to evolve, maintaining robust security practices and timely application of patches is essential to safeguarding sensitive data and maintaining operational integrity.