#VU62260 Insecure DLL loading in Git - CVE-2022-24767

 


Published: April 12, 2022


Vulnerability identifier: #VU62260
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-24767
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Git
Software vendor: Git

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the uninstaller binary loads DLL libraries in an insecure manner from the current working directory. A local user can place a specially crafted .dll file onto the system, trick the victim into running the uninstaller binary from that directory and execute arbitrary code with elevated privileges.


Remediation

Install updates from the vendor's website.

External links