CVE-2018-17456
Description
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive git clone of a superproject if a .gitmodules file has a URL field beginning with a - character.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
66.226
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-17456 are affected in Git (X64) 2.14.4 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git (X64) 2.15.2 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git (X64) 2.16.4 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git (X64) 2.17.1 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git (X64) 2.18.0-rc2 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git (X64) 2.19.0-rc2 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git 2.14.4 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git 2.15.2 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git 2.16.4 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git 2.17.1 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git 2.18.0-rc2 | Windows |
| Vulnerabilities CVE-2018-17456 are affected in Git 2.19.0-rc2 | Windows |
| git security update(DSA-4311-1) git_2.11.0-3+deb9u4_i386.deb | Linux |
| git security update(DSA-4311-1) git_2.11.0-3+deb9u4_amd64.deb | Linux |
| Git security update (CESA-2018:1957) git-1.8.3.1-20.el7.x86_64.rpm | Linux |
| Git security update (CESA-2018:1957) git-svn-1.8.3.1-20.el7.x86_64.rpm | Linux |
| Git security update (CESA-2018:1957) git-daemon-1.8.3.1-20.el7.x86_64.rpm | Linux |
| Git security update (CESA-2018:3408) git-1.8.3.1-20.el7.x86_64.rpm | Linux |
| Git security update (CESA-2018:3408) gitk-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-hg-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-p4-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) gitweb-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-all-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-bzr-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-cvs-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-gui-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-svn-1.8.3.1-20.el7.x86_64.rpm | Linux |
| Git security update (CESA-2018:3408) perl-Git-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) emacs-git-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-email-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-daemon-1.8.3.1-20.el7.x86_64.rpm | Linux |
| Git security update (CESA-2018:3408) emacs-git-el-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-instaweb-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) perl-Git-SVN-1.8.3.1-20.el7.noarch.rpm | Linux |
| Git security update (CESA-2018:3408) git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm | Linux |
| (RHSA-2018:3408) git security update emacs-git-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update emacs-git-el-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-1.8.3.1-20.el7.x86_64.rpm | Linux |
| (RHSA-2018:3408) git security update git-all-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-bzr-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-cvs-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-daemon-1.8.3.1-20.el7.x86_64.rpm | Linux |
| (RHSA-2018:3408) git security update git-email-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-gnome-keyring-1.8.3.1-20.el7.x86_64.rpm | Linux |
| (RHSA-2018:3408) git security update git-gui-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-hg-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-instaweb-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-p4-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update git-svn-1.8.3.1-20.el7.x86_64.rpm | Linux |
| (RHSA-2018:3408) git security update gitk-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update gitweb-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update perl-Git-1.8.3.1-20.el7.noarch.rpm | Linux |
| (RHSA-2018:3408) git security update perl-Git-SVN-1.8.3.1-20.el7.noarch.rpm | Linux |
| SUSE-SU-2018:4088-1(SUSE Linux Enterprise Server 12-SP3 ) git-core-2.12.3-27.17.2.x86_64.rpm | Linux |
| SUSE-SU-2018:4088-1(SUSE Linux Enterprise Server 12-SP3 ) git-core-debuginfo-2.12.3-27.17.2.x86_64.rpm | Linux |
| SUSE-SU-2018:4088-1(SUSE Linux Enterprise Server 12-SP3 ) git-debugsource-2.12.3-27.17.2.x86_64.rpm | Linux |
| (RHSA-2020:0316) git security update emacs-git-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update emacs-git-el-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update git-1.7.1-10.el6_10.i686.rpm | Linux |
| (RHSA-2020:0316) git security update git-1.7.1-10.el6_10.x86_64.rpm | Linux |
| (RHSA-2020:0316) git security update git-all-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update git-cvs-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update git-daemon-1.7.1-10.el6_10.i686.rpm | Linux |
| (RHSA-2020:0316) git security update git-daemon-1.7.1-10.el6_10.x86_64.rpm | Linux |
| (RHSA-2020:0316) git security update git-email-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update git-gui-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update git-svn-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update gitk-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update gitweb-1.7.1-10.el6_10.noarch.rpm | Linux |
| (RHSA-2020:0316) git security update perl-Git-1.7.1-10.el6_10.noarch.rpm | Linux |
| Git update (ELSA-2020-0316) git-1.7.1-10.el6_10.x86_64.rpm | Linux |
| Git-daemon update (ELSA-2020-0316) git-daemon-1.7.1-10.el6_10.x86_64.rpm | Linux |
| Emacs-git update (ELSA-2020-0316) emacs-git-1.7.1-10.el6_10.noarch.rpm | Linux |
| Emacs-git-el update (ELSA-2020-0316) emacs-git-el-1.7.1-10.el6_10.noarch.rpm | Linux |
| Git-all update (ELSA-2020-0316) git-all-1.7.1-10.el6_10.noarch.rpm | Linux |
| Git-cvs update (ELSA-2020-0316) git-cvs-1.7.1-10.el6_10.noarch.rpm | Linux |
| Git-email update (ELSA-2020-0316) git-email-1.7.1-10.el6_10.noarch.rpm | Linux |
| Git-gui update (ELSA-2020-0316) git-gui-1.7.1-10.el6_10.noarch.rpm | Linux |
| Git-svn update (ELSA-2020-0316) git-svn-1.7.1-10.el6_10.noarch.rpm | Linux |
| Gitk update (ELSA-2020-0316) gitk-1.7.1-10.el6_10.noarch.rpm | Linux |
| Gitweb update (ELSA-2020-0316) gitweb-1.7.1-10.el6_10.noarch.rpm | Linux |
| Perl-Git update (ELSA-2020-0316) perl-Git-1.7.1-10.el6_10.noarch.rpm | Linux |
| Git update (ELSA-2020-0316) git-1.7.1-10.el6_10.i686.rpm | Linux |
| Git-daemon update (ELSA-2020-0316) git-daemon-1.7.1-10.el6_10.i686.rpm | Linux |
| (CESA-2020:0316) git security update emacs-git-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update emacs-git-el-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update git-1.7.1-10.el6_10.i686.rpm | Linux |
| (CESA-2020:0316) git security update git-1.7.1-10.el6_10.x86_64.rpm | Linux |
| (CESA-2020:0316) git security update git-all-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update git-cvs-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update git-daemon-1.7.1-10.el6_10.i686.rpm | Linux |
| (CESA-2020:0316) git security update git-daemon-1.7.1-10.el6_10.x86_64.rpm | Linux |
| (CESA-2020:0316) git security update git-email-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update git-gui-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update git-svn-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update gitk-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update gitweb-1.7.1-10.el6_10.noarch.rpm | Linux |
| (CESA-2020:0316) git security update perl-Git-1.7.1-10.el6_10.noarch.rpm | Linux |
| git Security Update (ALAS-2018-1093) git-core-doc-2.14.5-1.amzn2.x86_64.rpm | Linux |
| git Security Update (ALAS-2018-1093) git-gnome-keyring-2.14.5-1.amzn2.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-352878 | Git (x64) (2.51.2) |
| PATCH-352878 | Git (x64) (2.51.2) |
| PATCH-352878 | Git (x64) (2.51.2) |
| PATCH-352878 | Git (x64) (2.51.2) |
| PATCH-352878 | Git (x64) (2.51.2) |
| PATCH-352878 | Git (x64) (2.51.2) |
| PATCH-350752 | Git (2.50.1) |
| PATCH-350752 | Git (2.50.1) |
| PATCH-350752 | Git (2.50.1) |
| PATCH-350752 | Git (2.50.1) |
| PATCH-350752 | Git (2.50.1) |
| PATCH-350752 | Git (2.50.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234