CVE-2023-25652

HIGH

Published 2023-04-25T19:17:35.315Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-25652. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.5

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.006

probability

of exploitation in the wild

There is a 0.6% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.781

Higher than 78.1% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Description

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

git

Affected Versions:

< 2.30.9 >= 2.31.0, < 2.31.8 >= 2.32.0, < 2.32.7 >= 2.33.0, < 2.33.8 >= 2.34.0, < 2.34.8 >= 2.35.0, < 2.35.8 >= 2.36.0, < 2.36.6 >= 2.37.0, < 2.37.7 >= 2.38.0, < 2.38.5 >= 2.39.0, < 2.39.3 >= 2.40.0, < 2.40.1