Git has fixed two critical vulnerabilities that could allow attackers to execute RCE after successfully exploiting heap-based buffer overflow vulnerabilities.

The third Windows-specific flaw affecting the Git GUI is caused by the vulnerability of an unreliable search path and allows unauthorized attackers to perform low-complexity attacks using unreliable code.

Researchers Eric Sesterhenn and Marcus Vervier from X41, as well as Jorn Schneeweis from GitLab discovered them during an audit of the Git source code commissioned by OSTIF.

The first two vulnerabilities: one CVE-2022-41903 - in the mechanism of formatting commits and CVE-2022-23521 - in the gitattributes parser - have been fixed in new versions starting from 2.30.7.

The third, tracked as CVE-2022-41953, is still awaiting a fix, but users can work around the problem by not using Git GUI software to clone repositories or avoiding cloning from unreliable sources.

The most serious of them allows an attacker to initiate memory corruption in the heap during cloning or extraction, which leads to RCE, and the other allows it during archiving, which is usually performed by Git forgeries.

In addition, quite a lot of problems related to integers have been identified, which can lead to denial of service situations or reading out of bounds.

Users who do not have the ability to update, to protect against threats, you should disable the "git archive" in untrusted repositories or avoid running the command in untrusted repositories.

If the "git archive" is accessible via "git daemon", you must disable it when working with untrusted repositories by running the command "git config --global daemon.uploadArch false".

GitLab insists that the most effective way to protect is to update all installations to the latest version of Git v2.39.1 as soon as possible.