Git 任意文件写入漏洞(CVE-2023-25652)

admin

0
文章

0
评论

2023-11-30 02:23:44 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 Git 任意文件写入漏洞(CVE-2023-25652)

CVE编号

CVE-2023-25652

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-04-26

漏洞描述

Git 是一个版本控制系统。在版本 2.30.9、2.31.8、2.32.7、2.33.8、2.34.8、2.35.8、2.36.6、2.37.7、2.38.5、2.39.3 和 2.40.1 之前，通过喂食对 `git apply --reject` 的特制输入，工作树之外的路径可以被部分控制的内容覆盖（对应于给定补丁中被拒绝的块）。

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://www.openwall.com/lists/oss-security/2023/04/25/2
https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902
https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	git-scm	git	*		Up to (excluding) 2.30.9
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.31.0	Up to (excluding) 2.31.8
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.32.0	Up to (excluding) 2.32.7
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.33.0	Up to (excluding) 2.33.8
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.34.0	Up to (excluding) 2.34.8
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.35.0	Up to (excluding) 2.35.8
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.36.0	Up to (excluding) 2.36.6
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.37.0	Up to (excluding) 2.37.7
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.38.0	Up to (excluding) 2.38.5
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.39.0	Up to (excluding) 2.39.3
	运行在以下环境
	应用	git-scm	git	2.40.0	-
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	git	*		Up to (excluding) 1.8.3.1-25.1.al7
	运行在以下环境
	系统	alpine_3.14	git	*		Up to (excluding) 2.32.7-r0
	运行在以下环境
	系统	alpine_3.15	git	*		Up to (excluding) 2.34.8-r0
	运行在以下环境
	系统	alpine_3.16	git	*		Up to (excluding) 2.36.6-r0
	运行在以下环境
	系统	alpine_3.17	git	*		Up to (excluding) 2.38.5-r0
	运行在以下环境
	系统	alpine_3.18	git	*		Up to (excluding) 2.40.1-r0
	运行在以下环境
	系统	alpine_edge	git	*		Up to (excluding) 2.40.1-r0
	运行在以下环境
	系统	amazon_2	git	*		Up to (excluding) 2.40.1-1.amzn2.0.1
	运行在以下环境
	系统	amazon_2023	git	*		Up to (excluding) 2.40.1-1.amzn2023.0.1
	运行在以下环境
	系统	anolis_os_7	gitk	*		Up to (excluding) 1.8.3.1-25
	运行在以下环境
	系统	anolis_os_8	gitk	*		Up to (excluding) 2.39.3-1.0.1
	运行在以下环境
	系统	centos_7	git-instaweb	*		Up to (excluding) 1.8.3.1-25.el7_9
	运行在以下环境
	系统	centos_8	git-gui	*		Up to (excluding) 2.39.3-1.el8_8
	运行在以下环境
	系统	debian_10	git	*		Up to (including) 2.20.1-2+deb10u3
	运行在以下环境
	系统	debian_11	git	*		Up to (including) 2.30.2-1+deb11u2
	运行在以下环境
	系统	debian_12	git	*		Up to (including) 2.39.2-1.1
	运行在以下环境
	系统	debian_sid	git	*		Up to (excluding) 1:2.40.1-1
	运行在以下环境
	系统	fedoraproject	fedora	37	-
	运行在以下环境
	系统	fedoraproject	fedora	38	-
	运行在以下环境
	系统	fedora_36	git-svn	*		Up to (excluding) 2.40.1-1.fc36
	运行在以下环境
系统	fedora_37	git-svn	*		Up to (excluding) 2.40.1-1.fc37
运行在以下环境
系统	fedora_38	git-svn	*		Up to (excluding) 2.40.1-1.fc38
运行在以下环境
系统	kylinos_aarch64_V10	emacs-git	*		Up to (excluding) 1.8.3.1-25.el7_9
运行在以下环境
系统	kylinos_aarch64_V10SP2	git	*		Up to (excluding) 2.27.0-14.ky10
运行在以下环境
系统	kylinos_loongarch64_V10SP1	git	*		Up to (excluding) 2.27.0-14.a.ky10
运行在以下环境
系统	kylinos_x86_64_V10	emacs-git	*		Up to (excluding) 1.8.3.1-25.el7_9
运行在以下环境
系统	kylinos_x86_64_V10SP2	git	*		Up to (excluding) 2.27.0-14.ky10
运行在以下环境
系统	opensuse_Leap_15.4	git	*		Up to (excluding) 2.35.3-150300.10.27.1
运行在以下环境
系统	oracle_7	oraclelinux-release	*		Up to (excluding) 1.8.3.1-25.el7_9
运行在以下环境
系统	oracle_8	oraclelinux-release	*		Up to (excluding) 2.39.3-1.el8_8
运行在以下环境
系统	oracle_9	oraclelinux-release	*		Up to (excluding) 2.39.3-1.el9_2
运行在以下环境
系统	redhat_7	git-daemon	*		Up to (excluding) 1.8.3.1-25.el7_9
运行在以下环境
系统	redhat_8	git-gui	*		Up to (excluding) 2.39.3-1.el8_8
运行在以下环境
系统	redhat_9	git-daemon	*		Up to (excluding) 2.39.3-1.el9_2
运行在以下环境
系统	suse_12_SP5	git-core	*		Up to (excluding) 2.26.2-27.69.1
运行在以下环境
系统	ubuntu_18.04	git	*		Up to (excluding) 1:2.17.1-1ubuntu0.18
运行在以下环境
系统	ubuntu_20.04	git	*		Up to (excluding) 1:2.25.1-1ubuntu3.11
运行在以下环境
系统	ubuntu_22.04	git	*		Up to (excluding) 1:2.34.1-1ubuntu1.9
运行在以下环境
系统	ubuntu_22.10	git	*		Up to (excluding) 1:2.37.2-1ubuntu1.5
运行在以下环境
系统	unionos_a	git	*		Up to (excluding) git-2.39.3-1.uelc20.01
运行在以下环境
系统	unionos_e	git	*		Up to (excluding) git-2.27.0-17.uel20