FreeBSD: VID-d2c6173f-e43b-11ed-a1d7-002590f2a714 (CVE-2023-25652): git -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Apr 26, 2023 | Apr 27, 2023 | Mar 25, 2026 |
Description
The git developers report:

This update includes 2 security fixes:

- CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch).
- CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug that can be used to inject arbitrary configuration into user's git config. This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on.
Solutions
- freebsd-upgrade-package-git
- freebsd-upgrade-package-git-lite
- freebsd-upgrade-package-git-tiny
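Until the packages are upgraded, a `.gitmodules` file can be screened for the condition the CVE-2023-29007 description names, a submodule URL longer than 1024 characters. The following is an added example, not code from the advisory or from the git project; the function name, the `URL_LIMIT` constant and the sample input are assumptions made for illustration, and the parser covers only the common `key = value` layout.

```python
import re

URL_LIMIT = 1024  # length named in the advisory text for CVE-2023-29007

# Assumed, simplified view of the git config syntax used by .gitmodules.
SECTION_RE = re.compile(r'^\s*\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]')
KEY_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')


def long_submodule_urls(text, limit=URL_LIMIT):
    """Return [(submodule_name, url_length)] for url values longer than limit."""
    # Join backslash-continued lines so a value split over several
    # physical lines is measured as one value.
    text = re.sub(r'\\\n', '', text)
    findings = []
    current = None  # name of the submodule section being read, if any
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue  # blank line or comment
        if stripped.startswith("["):
            m = SECTION_RE.match(line)
            current = m.group(1) if m else None  # ignore non-submodule sections
            continue
        m = KEY_RE.match(line)
        if m and current is not None and m.group(1).lower() == "url":
            url = m.group(2).strip()
            if len(url) > limit:
                findings.append((current, len(url)))
    return findings


# Constructed sample input: one ordinary submodule, one with an oversized URL.
SAMPLE = (
    '[submodule "libs/ok"]\n'
    '\tpath = libs/ok\n'
    '\turl = https://example.com/ok.git\n'
    '[submodule "libs/long"]\n'
    '\tpath = libs/long\n'
    '\turl = https://example.com/' + "a" * 1100 + '\n'
)

if __name__ == "__main__":
    for name, length in long_submodule_urls(SAMPLE):
        print(f"submodule {name!r}: url is {length} characters (> {URL_LIMIT})")
```

A finding is a reason to inspect the repository before running submodule operations on an unpatched git; it does not replace the package upgrade.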