KLA20184
Multiple vulnerabilities in Git for Windows

Updated: 05/16/2023
Detect date
?
10/18/2022
Severity
?
High
Description

Multiple vulnerabilities were found in Git for Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Information disclosure vulnerability in Git can be exploited remotely to obtain sensitive information.
  2. Integer overflow vulnerability in git shell can be exploited to execute arbitrary code.
Exploitation

The following public exploits exists for this vulnerability:

https://github.com/HiImDarwin/NetworkSecurityFinalProject

Affected products

Git for Windows earlier than 2.38.1

Solution

Update to the latest version
Git – Downloading Package

Original advisories

Git security vulnerabilities announced

Impacts
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Related products
Git for Windows
CVE-IDS
?
CVE-2022-392535.0Critical
CVE-2022-392605.0Critical
Find out the statistics of the vulnerabilities spreading in your region