ubuntu-cve-2023-29007
Vulnerability from osv_ubuntu
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in config.c::git_config_copy_or_rename_section_in_file(). This bug can be used to inject arbitrary configuration into a user's $GIT_DIR/config when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as core.pager, core.editor, core.sshCommand, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running git submodule deinit on untrusted repositories or without prior inspection of any submodule sections in $GIT_DIR/config.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-all",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-arch",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-core",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-el",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-email",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-man",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "gitk",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.7.4-0ubuntu1.10+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "git",
"purl": "pkg:deb/ubuntu/git@1:2.7.4-0ubuntu1.10+esm7?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.7.4-0ubuntu1.10+esm7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.5.0-1",
"1:2.6.2-1",
"1:2.6.3-1",
"1:2.6.4-1",
"1:2.7.0~rc3-1",
"1:2.7.0-1",
"1:2.7.3-0ubuntu1",
"1:2.7.4-0ubuntu1",
"1:2.7.4-0ubuntu1.1",
"1:2.7.4-0ubuntu1.2",
"1:2.7.4-0ubuntu1.3",
"1:2.7.4-0ubuntu1.4",
"1:2.7.4-0ubuntu1.5",
"1:2.7.4-0ubuntu1.6",
"1:2.7.4-0ubuntu1.7",
"1:2.7.4-0ubuntu1.8",
"1:2.7.4-0ubuntu1.9",
"1:2.7.4-0ubuntu1.10",
"1:2.7.4-0ubuntu1.10+esm1",
"1:2.7.4-0ubuntu1.10+esm3",
"1:2.7.4-0ubuntu1.10+esm4",
"1:2.7.4-0ubuntu1.10+esm5",
"1:2.7.4-0ubuntu1.10+esm6"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-all",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-el",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-email",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-man",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "gitk",
"binary_version": "1:2.17.1-1ubuntu0.18"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.17.1-1ubuntu0.18"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "git",
"purl": "pkg:deb/ubuntu/git@1:2.17.1-1ubuntu0.18?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.17.1-1ubuntu0.18"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.14.1-1ubuntu4",
"1:2.15.1-1ubuntu2",
"1:2.17.0-1ubuntu1",
"1:2.17.1-1ubuntu0.1",
"1:2.17.1-1ubuntu0.3",
"1:2.17.1-1ubuntu0.4",
"1:2.17.1-1ubuntu0.5",
"1:2.17.1-1ubuntu0.6",
"1:2.17.1-1ubuntu0.7",
"1:2.17.1-1ubuntu0.8",
"1:2.17.1-1ubuntu0.9",
"1:2.17.1-1ubuntu0.10",
"1:2.17.1-1ubuntu0.11",
"1:2.17.1-1ubuntu0.12",
"1:2.17.1-1ubuntu0.13",
"1:2.17.1-1ubuntu0.14",
"1:2.17.1-1ubuntu0.15",
"1:2.17.1-1ubuntu0.16",
"1:2.17.1-1ubuntu0.17"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-all",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-el",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-email",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-man",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "gitk",
"binary_version": "1:2.25.1-1ubuntu3.11"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.25.1-1ubuntu3.11"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "git",
"purl": "pkg:deb/ubuntu/git@1:2.25.1-1ubuntu3.11?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.25.1-1ubuntu3.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.20.1-2ubuntu1",
"1:2.24.0-1ubuntu1",
"1:2.24.0-1ubuntu2",
"1:2.25.0-1ubuntu1",
"1:2.25.1-1ubuntu1",
"1:2.25.1-1ubuntu2",
"1:2.25.1-1ubuntu3",
"1:2.25.1-1ubuntu3.1",
"1:2.25.1-1ubuntu3.2",
"1:2.25.1-1ubuntu3.3",
"1:2.25.1-1ubuntu3.4",
"1:2.25.1-1ubuntu3.5",
"1:2.25.1-1ubuntu3.6",
"1:2.25.1-1ubuntu3.7",
"1:2.25.1-1ubuntu3.8",
"1:2.25.1-1ubuntu3.10"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-all",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-email",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-man",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "gitk",
"binary_version": "1:2.34.1-1ubuntu1.9"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.34.1-1ubuntu1.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "git",
"purl": "pkg:deb/ubuntu/git@1:2.34.1-1ubuntu1.9?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.34.1-1ubuntu1.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.32.0-1ubuntu1",
"1:2.33.1-1ubuntu1",
"1:2.34.1-1ubuntu1",
"1:2.34.1-1ubuntu1.1",
"1:2.34.1-1ubuntu1.2",
"1:2.34.1-1ubuntu1.4",
"1:2.34.1-1ubuntu1.5",
"1:2.34.1-1ubuntu1.6",
"1:2.34.1-1ubuntu1.8"
]
}
],
"aliases": [],
"details": "Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\u0027s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.",
"id": "UBUNTU-CVE-2023-29007",
"modified": "2025-09-08T16:56:13Z",
"published": "2023-04-25T17:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-29007"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6050-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6050-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29007"
}
],
"related": [
"USN-6050-1",
"USN-6050-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-29007"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.