Github Git 安全漏洞（CVE-2022-29187）

admin

0
文章

0
评论

2023-11-30 06:51:44 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 Github Git 安全漏洞（CVE-2022-29187）

CVE编号

CVE-2022-29187

利用情况

暂无

补丁情况

官方补丁

披露时间

2022-07-14

漏洞描述

Github Git是一套免费、开源的分布式版本控制系统。 Github Git 存在安全漏洞，该漏洞源于可以绕过安全目录保护。受影响版本：Git 2.37.1、2.36.2、2.35.4、2.34.4、2.33.4、2.32.3、2.31.4 和 2.30.5 之前版本。

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v

参考链接
http://seclists.org/fulldisclosure/2022/Nov/1
http://www.openwall.com/lists/oss-security/2022/07/14/1
https://github.blog/2022-04-12-git-security-vulnerability-announced
https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v
https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lore.kernel.org/git/xmqqv8s2fefi.fsf%40gitster.g/T/
https://support.apple.com/kb/HT213496

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.30.3	Up to (excluding) 2.30.5
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.31.2	Up to (excluding) 2.31.4
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.32.1	Up to (excluding) 2.32.3
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.33.2	Up to (excluding) 2.33.4
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.34.2	Up to (excluding) 2.34.4
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.35.2	Up to (excluding) 2.35.4
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.36.0	Up to (excluding) 2.36.2
	运行在以下环境
	应用	git-scm	git	*	From (including) 2.37.0	Up to (excluding) 2.37.1
	运行在以下环境
	系统	alpine_3.13	git	*		Up to (excluding) 2.30.5-r0
	运行在以下环境
	系统	alpine_3.14	git	*		Up to (excluding) 2.32.3-r0
	运行在以下环境
	系统	alpine_3.15	git	*		Up to (excluding) 2.34.4-r0
	运行在以下环境
	系统	alpine_3.16	git	*		Up to (excluding) 2.36.2-r0
	运行在以下环境
	系统	alpine_3.17	git	*		Up to (excluding) 1.4.4-r0
	运行在以下环境
	系统	alpine_3.18	git	*		Up to (excluding) 1.4.4-r0
	运行在以下环境
	系统	alpine_edge	git	*		Up to (excluding) 1.4.4-r0
	运行在以下环境
	系统	amazon_2	git	*		Up to (excluding) 2.37.1-1.amzn2.0.1
	运行在以下环境
	系统	amazon_2022	git	*		Up to (excluding) 2.37.1-1.amzn2022.0.1
	运行在以下环境
	系统	amazon_2023	git	*		Up to (excluding) 2.39.1-1.amzn2023.0.2
	运行在以下环境
	系统	amazon_AMI	git	*		Up to (excluding) 2.37.1-1.76.amzn1
	运行在以下环境
	系统	centos_8	git-svn	*		Up to (excluding) 2.39.1-1.el8
	运行在以下环境
	系统	debian_10	git	*		Up to (excluding) 1:2.20.1-2+deb10u5
	运行在以下环境
	系统	debian_11	git	*		Up to (excluding) 1:2.30.2-1+deb11u1
	运行在以下环境
	系统	debian_12	git	*		Up to (excluding) 1:2.37.2-1
	运行在以下环境
	系统	debian_sid	git	*		Up to (excluding) 1:2.37.2-1
	运行在以下环境
	系统	fedora_35	git-instaweb	*		Up to (excluding) 2.37.1-1.fc35
	运行在以下环境
	系统	fedora_36	libgit2	*		Up to (excluding) 0.21.0-6.fc36
	运行在以下环境
	系统	fedora_37	libgit2	*		Up to (excluding) 0.21.0-6.fc37
	运行在以下环境
	系统	fedora_EPEL_9	rust-exa-debugsource	*		Up to (excluding) 0.21.0-7.el9
	运行在以下环境
	系统	kylinos_aarch64_V10	git	*		Up to (excluding) 2.39.1-1.el8
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	git	*		Up to (excluding) 2.27.0-8.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	git	*		Up to (excluding) 2.27.0-8.ky10
	运行在以下环境
系统	kylinos_loongarch64_V10SP1	git	*		Up to (excluding) 2.27.0-9.a.ky10
运行在以下环境
系统	kylinos_x86_64_V10	git	*		Up to (excluding) 2.39.1-1.el8
运行在以下环境
系统	kylinos_x86_64_V10SP1	git	*		Up to (excluding) 2.27.0-8.ky10
运行在以下环境
系统	kylinos_x86_64_V10SP2	git	*		Up to (excluding) 2.27.0-8.ky10
运行在以下环境
系统	opensuse_Leap_15.3	libgit2-26-32bit	*		Up to (excluding) 2.35.3-150300.10.15.1
运行在以下环境
系统	opensuse_Leap_15.4	libgit2-26-32bit	*		Up to (excluding) 2.35.3-150300.10.15.1
运行在以下环境
系统	oracle_8	oraclelinux-release	*		Up to (excluding) 2.39.1-1.el8
运行在以下环境
系统	oracle_9	oraclelinux-release	*		Up to (excluding) 2.39.1-1.el9
运行在以下环境
系统	redhat_8	git-svn	*		Up to (excluding) 2.39.1-1.el8
运行在以下环境
系统	redhat_9	git-daemon	*		Up to (excluding) 2.39.1-1.el9
运行在以下环境
系统	suse_12_SP5	git-core	*		Up to (excluding) 2.26.2-27.57.1
运行在以下环境
系统	ubuntu_18.04	git	*		Up to (excluding) 1:2.17.1-1ubuntu0.12
运行在以下环境
系统	ubuntu_20.04	git	*		Up to (excluding) 1:2.25.1-1ubuntu3.5
运行在以下环境
系统	ubuntu_21.10	git	*		Up to (excluding) 1:2.32.0-1ubuntu1.3
运行在以下环境
系统	ubuntu_22.04	git	*		Up to (excluding) 1:2.34.1-1ubuntu1.4
运行在以下环境
系统	ubuntu_22.10	git	*		Up to (excluding) 1:2.36.1-1ubuntu2
运行在以下环境
系统	unionos_a	git	*		Up to (excluding) git-2.39.1-1.uelc20.01