Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-23521

Integer Overflow or Wraparound

Published: Jan 17, 2023 | Modified: Dec 27, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
9.8 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-23521
CWEhttps://cwe.mitre.org/data/definitions/190.html

Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted .gitattributes file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.

Weakness

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Affected Software

Name Vendor Start Version End Version
Git Git-scm * 2.30.6 (including)
Git Git-scm 2.31.0 (including) 2.31.5 (including)
Git Git-scm 2.32.0 (including) 2.32.4 (including)
Git Git-scm 2.33.0 (including) 2.33.5 (including)
Git Git-scm 2.34.0 (including) 2.34.5 (including)
Git Git-scm 2.35.0 (including) 2.35.5 (including)
Git Git-scm 2.36.0 (including) 2.36.3 (including)
Git Git-scm 2.37.0 (including) 2.37.4 (including)
Git Git-scm 2.38.0 (including) 2.38.2 (including)
Git Git-scm 2.39.0 (including) 2.39.0 (including)
Red Hat Enterprise Linux 7 RedHat git-0:1.8.3.1-24.el7_9 *
Red Hat Enterprise Linux 8 RedHat git-0:2.31.1-3.el8_7 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat git-0:2.18.4-2.el8_1 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat git-0:2.18.4-3.el8_2 *
Red Hat Enterprise Linux 8.2 Telecommunications Update Service RedHat git-0:2.18.4-3.el8_2 *
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions RedHat git-0:2.18.4-3.el8_2 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat git-0:2.27.0-3.el8_4 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat git-0:2.31.1-3.el8_6 *
Red Hat Enterprise Linux 9 RedHat git-0:2.31.1-3.el9_1 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat git-0:2.31.1-3.el9_0 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-git227-git-0:2.27.0-4.el7 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 RedHat redhat-virtualization-host-0:4.5.3-202304051438_8.6 *
Git Ubuntu bionic *
Git Ubuntu devel *
Git Ubuntu esm-infra/xenial *
Git Ubuntu focal *
Git Ubuntu jammy *
Git Ubuntu kinetic *
Git Ubuntu lunar *
Git Ubuntu trusty *
Git Ubuntu trusty/esm *
Git Ubuntu xenial *

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
  • Understand the programming language’s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, “not-a-number” calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use