• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

You are here: Home / General Cyber Security News / Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
January 18, 2023

Remote Code Execution Attacks

The maintainers of the Git supply code variation manage method have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution.

The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impacts the next versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39..

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Patched versions include v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, and v2.39.1. X41 D-Sec security researchers Markus Vervier and Eric Sesterhenn as very well as GitLab’s Joern Schneeweisz have been credited with reporting the bugs.

“The most serious issue found enables an attacker to cause a heap-primarily based memory corruption throughout clone or pull functions, which may outcome in code execution,” the German cybersecurity corporation stated of CVE-2022-23521.

CVE-2022-41903, also a critical vulnerability, is induced during an archive operation, primary to code execution by way of an integer overflow flaw that occurs when formatting the commit logs.

“Also, a massive quantity of integer connected issues was identified which may perhaps guide to denial-of-company cases, out-of-bound reads or basically badly taken care of corner circumstances on huge enter,” X41 D-Sec observed.

Even though there are no workarounds for CVE-2022-23521, Git is recommending that consumers disable “git archive” in untrusted repositories as a mitigation for CVE-2022-41903 in eventualities in which updating to the most up-to-date model is not an solution.

GitLab, in a coordinated advisory, reported it has unveiled versions 15.7.5, 15.6.6, and 15.5.9 for GitLab Group Version (CE) and Enterprise Version (EE) to handle the shortcomings, urging clients to apply the fixes with speedy result.

Identified this report interesting? Follow us on Twitter  and LinkedIn to read through more special content we write-up.


Some elements of this short article are sourced from:
thehackernews.com

Previous Post: «cisa warns of flaws in siemens, ge digital, and contec CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
Next Post: European Businesses Admit Major Privacy Skills Gap Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • European Businesses Admit Major Privacy Skills Gap
  • Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
  • CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
  • Vice Society Claims Ransomware Attack Against University of Duisburg-Essen
  • Researchers Warn Against Zoho ManageEngine Exploit Attacks
  • Three-Quarters of UK Schools Have Experienced a Cyber Incident
  • Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures
  • Security experts develop method of generating ‘highly evasive’ polymorphic malware using ChatGPT
  • Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Unauthorized Access
  • Businesses must overhaul “outdated” recruitment mindset to tackle dearth of privacy expertise

Copyright © TheCyberSecurity.News, All Rights Reserved.