A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest git vulnerabilities are CVE-2022-41903, an out-of-bounds memory write flaw in log formatting, and CVE-2022-23251, a truncated allocation leading to an out-of-bounds write via a large number of attributes. Both may result in remote code execution. More technical info about each of the flaws can be found in this post by X41 D-Sec researchers …
The post Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251) appeared first on Help Net Security.