
CVE-2022-41903 PoC — Integer overflow in `git archive`, `git log --format` leading to RCE in git

Associated Vulnerability
Title: Integer overflow in `git archive`, `git log --format` leading to RCE in git (CVE-2022-41903)
Description: Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through `git archive` via the `export-subst` mechanism, which expands format specifiers inside of files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose `git archive` via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
Description
vulnerabilities, CVE-2022-41903, and CVE-2022-23521, that affect versions 2.39 and older. Git for Windows was also patched to address an additional, Windows-specific issue known as CVE-2022-41953.
Readme
# DESCRIPTION
vulnerabilities, CVE-2022-41903, and CVE-2022-23521, that affect versions 2.39 and older. Git for Windows was also patched to address an additional, Windows-specific issue known as CVE-2022-41953.

These scripts:
- build distribution containers and install the git version provided
- display the installed git version

# NOTE
Building git on Gentoo takes a long time. Be patient.

# BUILD
```bash
time ./buildDockerimages.sh
```
# RUN
```bash
./check-repofixed.sh
```
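The RUN step above prints the git version found in each container; deciding whether that version actually carries the 2023-01-17 fix is the interesting part. The following POSIX shell helper is an added example, not a script from the mirrored PoC repository. It parses a `git --version` string and reports whether the release includes the fix for CVE-2022-41903. The minimum fixed patch level per 2.x maintenance track (v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, v2.39.1) is an assumption taken from that security release; 2.40 and later are treated as fixed and anything below 2.30 as unfixed. The `check_installed_git` wrapper and its `daemon.uploadArch` report are likewise added here.

```shell
#!/bin/sh
# Added example (not part of the PoC repository): classify a `git --version`
# string as fixed or vulnerable with respect to CVE-2022-41903.
# Assumption: the per-track minimum patch levels below are the ones shipped
# in the 2023-01-17 git security release (v2.30.7 .. v2.39.1).

# Usage: git_fixed_for_cve_2022_41903 "git version 2.39.0"
# Prints "fixed", "vulnerable" or "unparseable"; exit status 0, 1 or 2.
git_fixed_for_cve_2022_41903() {
    # Keep only "major.minor[.patch]"; tolerates suffixes such as ".windows.1".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unparseable
        return 2
    fi
    major=$(printf '%s\n' "$ver" | cut -d. -f1)
    minor=$(printf '%s\n' "$ver" | cut -d. -f2)
    patch=$(printf '%s\n' "$ver" | cut -d. -f3)
    patch=${patch:-0}   # "2.30" with no patch field counts as 2.30.0

    # Minimum patch level containing the fix, per 2.x maintenance track
    # (assumption: the 2023-01-17 release set).
    case "$minor" in
        30) need=7 ;;
        31|33|34|35) need=6 ;;
        32|37) need=5 ;;
        36) need=4 ;;
        38) need=3 ;;
        39) need=1 ;;
        *) need="" ;;
    esac

    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 40 ]; }; then
        echo fixed; return 0          # every release after the fixed tracks
    elif [ "$major" -lt 2 ] || [ -z "$need" ]; then
        echo vulnerable; return 1     # 1.x or 2.x before the 2.30 track
    elif [ "$patch" -ge "$need" ]; then
        echo fixed; return 0
    else
        echo vulnerable; return 1
    fi
}

# Classify the git found in PATH and report the advisory's git daemon
# mitigation (daemon.uploadArch=false) when it is set globally.
check_installed_git() {
    command -v git >/dev/null 2>&1 || { echo "git not found in PATH"; return 2; }
    installed=$(git --version)
    verdict=$(git_fixed_for_cve_2022_41903 "$installed") || true
    echo "$installed: $verdict"
    if [ "$(git config --global --get daemon.uploadArch 2>/dev/null)" = "false" ]; then
        echo "daemon.uploadArch=false: git archive is disabled over git daemon"
    fi
    [ "$verdict" = fixed ]
}

# Stand-alone use: pass "--installed" to inspect the local git, or pass a
# version string to classify it; with no argument only the functions are defined.
if [ "${1-}" = "--installed" ]; then
    check_installed_git
elif [ -n "${1-}" ]; then
    git_fixed_for_cve_2022_41903 "$1"
fi
```

Feeding the version line printed by each container into `git_fixed_for_cve_2022_41903` gives a per-distribution verdict instead of a bare version number; the exit status (0 fixed, 1 vulnerable, 2 unparseable) makes it usable from the build scripts directly.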
File Snapshot

[4.0K] /data/pocs/3a1f9c6c3bb2a4107d366ed9ee8db9785a31ac73
├── [2.3K] buildDockerimages.sh
├── [  86] Dockerfile.alpine
├── [ 153] Dockerfile.archlinux
├── [ 110] Dockerfile.CentOS8
├── [ 111] Dockerfile.CentOS9
├── [ 144] Dockerfile.debianstable
├── [ 145] Dockerfile.debiantesting
├── [ 146] Dockerfile.debianunstable
├── [ 109] Dockerfile.fedora34
├── [ 109] Dockerfile.fedora35
├── [ 109] Dockerfile.fedora36
├── [ 109] Dockerfile.fedora37
├── [  97] Dockerfile.gentoo
├── [ 107] Dockerfile.rhel7
├── [ 116] Dockerfile.rhel8
├── [ 116] Dockerfile.rhel9
├── [ 140] Dockerfile.sles15
├── [ 139] Dockerfile.ubuntubionic
├── [ 138] Dockerfile.ubuntufocal
├── [ 138] Dockerfile.ubuntujammy
├── [ 140] Dockerfile.ubuntukinetic
├── [ 138] Dockerfile.ubuntulunar
├── [ 139] Dockerfile.ubuntutrusty
├── [ 139] Dockerfile.ubuntuxenial
├── [ 966] get_gitversion.sh
├── [ 324] input.txt
└── [ 482] README.md

0 directories, 27 files