Git allows a buffer overflow in 'wincred' credential helper

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Git 安全漏洞

Git是Git开源的一套免费、开源的分布式版本控制系统。 Git存在安全漏洞，该漏洞源于未正确检查缓冲区中剩余的可用空间是否充足，这可能导致潜在的缓冲区溢出问题。

N/A

N/A