ID

VAR-202210-1202


CVE

CVE-2022-39253


TITLE

Link interpretation vulnerabilities in Git SCM's Git and in products from multiple other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-019303

DESCRIPTION

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. Link interpretation vulnerabilities exist in Git SCM's Git and in products from several other vendors. Information may be obtained.
====================================================================
Red Hat Security Advisory

Synopsis: Moderate: git security and bug fix update
Advisory ID: RHSA-2023:2859-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2859
Issue date: 2023-05-16
CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260
====================================================================

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
* git: Bypass of safe.directory protections (CVE-2022-29187)
* git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
* git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
2107439 - CVE-2022-29187 git: Bypass of safe.directory protections
2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor
2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes.
2139378 - Rebase git to 2.39 version [rhel-8.8]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
git-2.39.1-1.el8.src.rpm

aarch64:
git-2.39.1-1.el8.aarch64.rpm
git-core-2.39.1-1.el8.aarch64.rpm
git-core-debuginfo-2.39.1-1.el8.aarch64.rpm
git-credential-libsecret-2.39.1-1.el8.aarch64.rpm
git-credential-libsecret-debuginfo-2.39.1-1.el8.aarch64.rpm
git-daemon-2.39.1-1.el8.aarch64.rpm
git-daemon-debuginfo-2.39.1-1.el8.aarch64.rpm
git-debuginfo-2.39.1-1.el8.aarch64.rpm
git-debugsource-2.39.1-1.el8.aarch64.rpm
git-subtree-2.39.1-1.el8.aarch64.rpm

noarch:
git-all-2.39.1-1.el8.noarch.rpm
git-core-doc-2.39.1-1.el8.noarch.rpm
git-email-2.39.1-1.el8.noarch.rpm
git-gui-2.39.1-1.el8.noarch.rpm
git-instaweb-2.39.1-1.el8.noarch.rpm
git-svn-2.39.1-1.el8.noarch.rpm
gitk-2.39.1-1.el8.noarch.rpm
gitweb-2.39.1-1.el8.noarch.rpm
perl-Git-2.39.1-1.el8.noarch.rpm
perl-Git-SVN-2.39.1-1.el8.noarch.rpm

ppc64le:
git-2.39.1-1.el8.ppc64le.rpm
git-core-2.39.1-1.el8.ppc64le.rpm
git-core-debuginfo-2.39.1-1.el8.ppc64le.rpm
git-credential-libsecret-2.39.1-1.el8.ppc64le.rpm
git-credential-libsecret-debuginfo-2.39.1-1.el8.ppc64le.rpm
git-daemon-2.39.1-1.el8.ppc64le.rpm
git-daemon-debuginfo-2.39.1-1.el8.ppc64le.rpm
git-debuginfo-2.39.1-1.el8.ppc64le.rpm
git-debugsource-2.39.1-1.el8.ppc64le.rpm
git-subtree-2.39.1-1.el8.ppc64le.rpm

s390x:
git-2.39.1-1.el8.s390x.rpm
git-core-2.39.1-1.el8.s390x.rpm
git-core-debuginfo-2.39.1-1.el8.s390x.rpm
git-credential-libsecret-2.39.1-1.el8.s390x.rpm
git-credential-libsecret-debuginfo-2.39.1-1.el8.s390x.rpm
git-daemon-2.39.1-1.el8.s390x.rpm
git-daemon-debuginfo-2.39.1-1.el8.s390x.rpm
git-debuginfo-2.39.1-1.el8.s390x.rpm
git-debugsource-2.39.1-1.el8.s390x.rpm
git-subtree-2.39.1-1.el8.s390x.rpm

x86_64:
git-2.39.1-1.el8.x86_64.rpm
git-core-2.39.1-1.el8.x86_64.rpm
git-core-debuginfo-2.39.1-1.el8.x86_64.rpm
git-credential-libsecret-2.39.1-1.el8.x86_64.rpm
git-credential-libsecret-debuginfo-2.39.1-1.el8.x86_64.rpm
git-daemon-2.39.1-1.el8.x86_64.rpm
git-daemon-debuginfo-2.39.1-1.el8.x86_64.rpm
git-debuginfo-2.39.1-1.el8.x86_64.rpm
git-debugsource-2.39.1-1.el8.x86_64.rpm
git-subtree-2.39.1-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24765
https://access.redhat.com/security/cve/CVE-2022-29187
https://access.redhat.com/security/cve/CVE-2022-39253
https://access.redhat.com/security/cve/CVE-2022-39260
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
APPLE-SA-2022-11-01-1 Xcode 14.1

Xcode 14.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213496.

Git
Available for: macOS Monterey 12.5 and later
Impact: Multiple issues in git
Description: Multiple issues were addressed by updating to git version 2.32.3.
CVE-2022-29187: Carlo Marcelo Arenas Belón and Johannes Schindelin

Git
Available for: macOS Monterey 12.5 and later
Impact: Cloning a malicious repository may result in the disclosure of sensitive information
Description: This issue was addressed with improved checks.
CVE-2022-39253: Cory Snider of Mirantis

Git
Available for: macOS Monterey 12.5 and later
Impact: A remote user may cause an unexpected app termination or arbitrary code execution if git shell is allowed as a login shell
Description: This issue was addressed with improved checks.
CVE-2022-39260: Kevin Backhouse of the GitHub Security Lab

IDE Xcode Server
Available for: macOS Monterey 12.5 and later
Impact: An app may be able to gain root privileges
Description: An injection issue was addressed with improved input validation.
CVE-2022-42797: Tim Michaud (@TimGMichaud) of Moveworks.ai

Xcode 14.1 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 14.1".

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

==========================================================================
Ubuntu Security Notice USN-5686-3
November 21, 2022

git vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10

Summary:

Several security issues were fixed in Git. This update provides the corresponding updates for Ubuntu 22.10.

Original advisory details:

Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. (CVE-2022-39253)

Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause arbitrary code execution. (CVE-2022-39260)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
git 1:2.37.2-1ubuntu1.1

In general, a standard system update will make all the necessary changes.
An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

This update includes two changes of behavior that may affect certain setups:

- It stops when directory traversal changes ownership from the current user while looking for a top-level git directory; a user could make an exception by using the new safe.directory configuration.
- The default of protocol.file.allow has been changed from "always" to "user".

For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u1.

We recommend that you upgrade your git packages.

Gentoo Linux Security Advisory GLSA 202312-15
https://security.gentoo.org/

Severity: High
Title: Git: Multiple Vulnerabilities
Date: December 27, 2023
Bugs: #838127, #857831, #877565, #891221, #894472, #905088
ID: 202312-15

Synopsis
========

Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.

Affected packages
=================

Package        Vulnerable    Unaffected
-----------    ------------  ------------
dev-vcs/git    < 2.39.3      >= 2.39.3

Description
===========

Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All Git users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"

References
==========

[ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521
[ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765
[ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187
[ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253
[ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260
[ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903
[ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490
[ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946
[ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652
[ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815
[ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202312-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.34

sources: NVD: CVE-2022-39253 // JVNDB: JVNDB-2022-019303 // VULHUB: VHN-435022 // PACKETSTORM: 169416 // PACKETSTORM: 172366 // PACKETSTORM: 171570 // PACKETSTORM: 169735 // PACKETSTORM: 169954 // PACKETSTORM: 170787 // PACKETSTORM: 176313

AFFECTED PRODUCTS

vendor: git scm, model: git, scope: gte, version: 2.32.0

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.30.6

Trust: 1.0

vendor: git scm, model: git, scope: eq, version: 2.38.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 37

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.35.5

Trust: 1.0

vendor: git scm, model: git, scope: gte, version: 2.36.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 36

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.33.5

Trust: 1.0

vendor: git scm, model: git, scope: gte, version: 2.31.0

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.37.4

Trust: 1.0

vendor: git scm, model: git, scope: gte, version: 2.33.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 35

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.32.4

Trust: 1.0

vendor: git scm, model: git, scope: gte, version: 2.35.0

Trust: 1.0

vendor: apple, model: xcode, scope: lt, version: 14.1

Trust: 1.0

vendor: git scm, model: git, scope: gte, version: 2.34.0

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.34.5

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.31.5

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: git scm, model: git, scope: lt, version: 2.36.3

Trust: 1.0

vendor: git scm, model: git, scope: gte, version: 2.37.0

Trust: 1.0

vendor: git scm, model: git, scope: -, version: -

Trust: 0.8

vendor: fedora, model: fedora, scope: -, version: -

Trust: 0.8

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: Apple, model: xcode, scope: eq, version: 14.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-019303 // NVD: CVE-2022-39253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-39253
value: MEDIUM

Trust: 1.0

security-advisories@github.com: CVE-2022-39253
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-39253
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-1263
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-39253
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-39253
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019303 // CNNVD: CNNVD-202210-1263 // NVD: CVE-2022-39253 // NVD: CVE-2022-39253

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.1

problemtype:CWE-200

Trust: 1.0

problemtype:Link interpretation problem (CWE-59) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-435022 // JVNDB: JVNDB-2022-019303 // NVD: CVE-2022-39253

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1263

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202210-1263

PATCH

title: HT213496, url: https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html

Trust: 0.8

title: Git Post-link vulnerability fixes, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=211665

Trust: 0.6

sources: JVNDB: JVNDB-2022-019303 // CNNVD: CNNVD-202210-1263

EXTERNAL IDS

db: NVD, id: CVE-2022-39253

Trust: 4.0

db: OPENWALL, id: OSS-SECURITY/2023/02/14/5

Trust: 2.5

db: OPENWALL, id: OSS-SECURITY/2024/05/14/2

Trust: 1.0

db: PACKETSTORM, id: 169416

Trust: 0.8

db: PACKETSTORM, id: 170787

Trust: 0.8

db: JVNDB, id: JVNDB-2022-019303

Trust: 0.8

db: PACKETSTORM, id: 169735

Trust: 0.7

db: PACKETSTORM, id: 169954

Trust: 0.7

db: AUSCERT, id: ESB-2022.6094

Trust: 0.6

db: AUSCERT, id: ESB-2023.0955

Trust: 0.6

db: AUSCERT, id: ESB-2023.1842

Trust: 0.6

db: AUSCERT, id: ESB-2022.5479

Trust: 0.6

db: CNNVD, id: CNNVD-202210-1263

Trust: 0.6

db: VULHUB, id: VHN-435022

Trust: 0.1

db: PACKETSTORM, id: 172366

Trust: 0.1

db: PACKETSTORM, id: 171570

Trust: 0.1

db: PACKETSTORM, id: 176313

Trust: 0.1

Trust: 0.1

sources: VULHUB: VHN-435022 // JVNDB: JVNDB-2022-019303 // PACKETSTORM: 169416 // PACKETSTORM: 172366 // PACKETSTORM: 171570 // PACKETSTORM: 169735 // PACKETSTORM: 169954 // PACKETSTORM: 170787 // PACKETSTORM: 176313 // CNNVD: CNNVD-202210-1263 // NVD: CVE-2022-39253

REFERENCES

url:http://seclists.org/fulldisclosure/2022/nov/1

Trust: 2.5

url:http://www.openwall.com/lists/oss-security/2023/02/14/5

Trust: 2.5

url:https://support.apple.com/kb/ht213496

Trust: 1.7

url:https://github.com/git/git/security/advisories/ghsa-3wp6-j8xr-qw85

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-39253

Trust: 1.5

url:https://security.gentoo.org/glsa/202312-15

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2024/05/14/2

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/c7b6jpkx5cgglahxjvqmiznneeb72fhd/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmqwgmdlx6ktvww5jzlvpi7icak72tn7/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ohno2fb55cpx47baxmbwubgwho6n6zzh/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukfhe4kvd7eks5j3ktdfvbeku3clxgvv/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vfyxctlosesyip72buyd6ecdimum4wmb/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vfyxctlosesyip72buyd6ecdimum4wmb/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jmqwgmdlx6ktvww5jzlvpi7icak72tn7/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ohno2fb55cpx47baxmbwubgwho6n6zzh/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukfhe4kvd7eks5j3ktdfvbeku3clxgvv/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c7b6jpkx5cgglahxjvqmiznneeb72fhd/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-39260

Trust: 0.6

url:https://packetstormsecurity.com/files/169954/ubuntu-security-notice-usn-5686-3.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6094

Trust: 0.6

url:https://packetstormsecurity.com/files/169735/apple-security-advisory-2022-11-01-1.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213496

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0955

Trust: 0.6

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-39253

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1842

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-39253/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5479

Trust: 0.6

url:https://packetstormsecurity.com/files/170787/debian-security-advisory-5332-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169416/ubuntu-security-notice-usn-5686-1.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-29187

Trust: 0.4

url:https://ubuntu.com/security/notices/usn-5686-1

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-24765

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-41903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23521

Trust: 0.2

url:https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.5

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39260

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24765

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39253

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29187

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5686-4

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42797

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://support.apple.com/en-us/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/ht213496

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5686-3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.1

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/git

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-29007

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-25815

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-25652

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-22490

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

sources: VULHUB: VHN-435022 // JVNDB: JVNDB-2022-019303 // PACKETSTORM: 169416 // PACKETSTORM: 172366 // PACKETSTORM: 171570 // PACKETSTORM: 169735 // PACKETSTORM: 169954 // PACKETSTORM: 170787 // PACKETSTORM: 176313 // CNNVD: CNNVD-202210-1263 // NVD: CVE-2022-39253

CREDITS

Ubuntu

Trust: 0.3

sources: PACKETSTORM: 169416 // PACKETSTORM: 171570 // PACKETSTORM: 169954

SOURCES

db: VULHUB, id: VHN-435022
db: JVNDB, id: JVNDB-2022-019303
db: PACKETSTORM, id: 169416
db: PACKETSTORM, id: 172366
db: PACKETSTORM, id: 171570
db: PACKETSTORM, id: 169735
db: PACKETSTORM, id: 169954
db: PACKETSTORM, id: 170787
db: PACKETSTORM, id: 176313
db: CNNVD, id: CNNVD-202210-1263
db: NVD, id: CVE-2022-39253

LAST UPDATE DATE

2024-11-20T21:54:04.367000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-435022, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2022-019303, date: 2023-10-25T05:25:00
db: CNNVD, id: CNNVD-202210-1263, date: 2023-03-29T00:00:00
db: NVD, id: CVE-2022-39253, date: 2024-06-10T18:15:19.643

SOURCES RELEASE DATE

db: VULHUB, id: VHN-435022, date: 2022-10-19T00:00:00
db: JVNDB, id: JVNDB-2022-019303, date: 2023-10-25T00:00:00
db: PACKETSTORM, id: 169416, date: 2022-10-18T22:32:05
db: PACKETSTORM, id: 172366, date: 2023-05-16T17:08:14
db: PACKETSTORM, id: 171570, date: 2023-03-29T10:13:26
db: PACKETSTORM, id: 169735, date: 2022-11-08T13:42:03
db: PACKETSTORM, id: 169954, date: 2022-11-21T15:22:01
db: PACKETSTORM, id: 170787, date: 2023-01-30T16:35:13
db: PACKETSTORM, id: 176313, date: 2023-12-27T14:55:24
db: CNNVD, id: CNNVD-202210-1263, date: 2022-10-18T00:00:00
db: NVD, id: CVE-2022-39253, date: 2022-10-19T11:15:11.227