Wind River Support Network

Meet the Support Network

Home CVE Database CVE-2024-32465

CVE-2024-32465

Description

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.

Priority: --
CVSS v3: 7.3
Component: git
Publish Date: May 14, 2024
Related ID: --
CVSS v2: HIGH
Modified Date: May 14, 2024

Find out more about CVE-2024-32465 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Requires LTSS -- -- --
Wind River Linux 8 Requires LTSS -- -- --
Wind River Linux 9 Requires LTSS -- -- --
Wind River Linux 7 Requires LTSS -- -- --
Wind River Linux LTS 21 Fixed LIN1021-8756
10.21.20.24 --
Wind River Linux LTS 22 Fixed LIN1022-8169
10.22.33.16(hotfix) --
Wind River Linux LTS 18 Requires LTSS -- -- --
Wind River Linux LTS 19 Investigating -- -- --
Wind River Linux CD release N/A -- -- --
Wind River Linux 6 Requires LTSS -- -- --
Wind River Linux LTS 23 Fixed LIN1023-5433
10.23.30.11 --
Wind River Linux LTS 24 Fixed LIN1024-934
10.24.33.1 --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --
Helix Virtualization Platform Cert Edition
Helix Virtualization Platform Cert Edition Not Vulnerable -- -- --
eLxr
eLxr 12 Fixed -- 1:2.39.5-0+deb12u1 --
Wind River Studio Cloud Platform

Related Products

Product Name Status Defect Fixed Downloads

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online