Published: 09/02/2018 Updated: 06/03/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

GIT version 2.15.1 and previous versions contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

Vulnerable Product	Search on Vulmon	Subscribe to Product
git-scm git

Debian Bug report logs - #889680 git: CVE-2018-1000021: client prints server sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands Package: src:git; Maintainer for src:git is Gerrit Pape <pape@smardenorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> ...

It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumsta ...

CWE-20 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889680 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-1000021

CVE-2018-1000021

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect