Vulnerability in Git-for-windows Git
CVE-2023-22743
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting a DLL and placing it in a subdirectory of a specific name living next to the Git for Windows installer, Win…
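The hijack described above depends on a planted subdirectory or DLL sitting beside the downloaded installer, so the practical countermeasure before the 2.39.2 fix is to run the installer from a directory that contains nothing else. The PowerShell script below is an added example, not code from the Git for Windows project or its advisory: it checks the installer's Authenticode signature, warns about anything suspicious next to the downloaded file, copies the installer alone into a freshly created directory, re-verifies that the directory is clean, and only then launches it. The parameter names, the staging location under `$env:TEMP`, the optional signer-substring check and the example file name in the comment are assumptions for illustration.

```powershell
<#
Added example; not code from the Git for Windows project or its advisory.
Stages an installer in a freshly created, empty directory before launching it,
so no subdirectory or DLL planted beside the downloaded file can be picked up
by the installer's DLL search. Parameter names, the staging location under
$env:TEMP and the optional signer check are assumptions for illustration.
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallerPath,                 # e.g. "$env:USERPROFILE\Downloads\Git-2.39.2-64-bit.exe" (assumed name)
    [string]$ExpectedSignerSubstring = '',  # optional: substring expected in the signer certificate's Subject
    [string[]]$InstallerArgs = @()          # arguments passed through to the installer unchanged
)

$ErrorActionPreference = 'Stop'
$resolved = (Resolve-Path -LiteralPath $InstallerPath).ProviderPath
$srcDir   = Split-Path -Parent $resolved
$leaf     = Split-Path -Leaf   $resolved

# 1. Authenticode check. A tampered or unsigned installer is a different problem
#    from DLL hijacking, but the two are worth checking in the same place.
$sig = Get-AuthenticodeSignature -FilePath $resolved
if ($sig.Status -ne 'Valid') {
    throw "Signature status for '$leaf' is '$($sig.Status)'; refusing to run it."
}
if ($ExpectedSignerSubstring -and
    $sig.SignerCertificate.Subject -notlike "*$ExpectedSignerSubstring*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 2. Report anything beside the installer in its download directory. A
#    subdirectory or a DLL here is exactly what an attacker would plant.
$neighbours = Get-ChildItem -LiteralPath $srcDir -Force |
    Where-Object { $_.PSIsContainer -or $_.Extension -ieq '.dll' }
foreach ($n in $neighbours) {
    Write-Warning "Found next to the installer: $($n.FullName)"
}

# 3. Create a new, uniquely named staging directory and copy only the
#    installer into it.
$stage = Join-Path $env:TEMP ('stage-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $stage | Out-Null
Copy-Item -LiteralPath $resolved -Destination $stage

# 4. Re-check immediately before launch: the directory must contain exactly
#    the installer and nothing else, recursively.
$contents = @(Get-ChildItem -LiteralPath $stage -Force -Recurse)
if ($contents.Count -ne 1 -or $contents[0].Name -ne $leaf) {
    throw "Staging directory '$stage' is not clean; aborting."
}

# 5. Run the installer from the clean directory, then clean up and propagate
#    its exit code.
$exe = Join-Path $stage $leaf
$extra = if ($InstallerArgs.Count -gt 0) { @{ ArgumentList = $InstallerArgs } } else { @{} }
$proc = Start-Process -FilePath $exe -WorkingDirectory $stage -Wait -PassThru @extra
Write-Host "Installer exited with code $($proc.ExitCode)"
Remove-Item -LiteralPath $stage -Recurse -Force
exit $proc.ExitCode
```

Two caveats. The staging directory lives under `$env:TEMP`, which any process running as the same user can write to, so the script only narrows the window between the final check and launch rather than closing it; a stricter variant would create the directory with an ACL that denies write access to everyone but the launching account. It also says nothing about DLLs resolved from elsewhere in the search order (system directories, the working directory of a different process), so it is a mitigation for the specific "directory next to the installer" pattern, not a substitute for updating to 2.39.2.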
EPSS: 0.001 (25.3rd percentile).
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H (local attack vector, high attack complexity, high privileges required, user interaction required since the victim must run the installer, scope changed, high impact on confidentiality, integrity and availability).
Affected products
- Git-for-windows Git — versions < 2.39.2 (fixed in release v2.39.2.windows.1)
Weakness classification (CWE)
- CWE-426: Untrusted Search Path
Public proof-of-concept exploits
References
- Git for Windows security advisory GHSA-p2x9-prp4-8gvq (vendor confirmation): https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq
- Git for Windows security advisory GHSA-gf48-x3vr-j5c3: https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3
- MITRE ATT&CK T1574.002, Hijack Execution Flow: DLL Side-Loading: https://attack.mitre.org/techniques/T1574/002/
- Git for Windows release v2.39.2.windows.1 (fixed version): https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1
- Microsoft Learn, using ComCtl32.dll version 6 in an application that uses only standard extensions: https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions
- Microsoft Learn, About Side-by-Side Assemblies: https://learn.microsoft.com/en-us/windows/win32/sbscs/about-side-by-side-assemblies-
Frequently asked questions
- What is CVE-2023-22743?
- CVE-2023-22743 is a high-severity vulnerability in Git-for-windows Git, classified as CWE-426 (Untrusted Search Path). CVSS score: 7.3/10. Published 2023-02-14.
- How severe is CVE-2023-22743?
- High severity. CVSS v3 base score is 7.3 out of 10.
- Is CVE-2023-22743 known to be exploited?
- 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.