Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » CVE-2022-41903, and CVE-2022-23521
CVE-2022-41903, and CVE-2022-23521 [message #1857186] Mon, 23 January 2023 13:27 Go to next message
Paulo F is currently offline Paulo FFriend
Messages: 1
Registered: January 2023
Junior Member
Good Morning guys.
Is JGit also susceptible to these vulnerabilities?

Can't post URL:

www.bleepingcomputer.com/news/security/git-patches-two-critical-remote-code-execution-security-flaws/
github.blog/2023-01-17-git-security-vulnerabilities-announced-2/

Report message to a moderator

Re: CVE-2022-41903, and CVE-2022-23521 [message #1857188 is a reply to message #1857186] Mon, 23 January 2023 14:43 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 33141
Registered: July 2009
Senior Member
JGit is written purely in Java so it is not possible to arbitrarily corrupt memory (or the heap) as is possible in native git's C/C++ implementation which is exploited in the CVEs you mention.

Ed Merks
Professional Support: https://www.macromodeling.com/

Report message to a moderator

Previous Topic:How to set GIT_LFS_SKIP_SMUDGE=1 for CloneCommand
Next Topic:Git-upload-pack not permitted on Github
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Apr 26 04:19:35 GMT 2024

Powered by FUDForum. Page generated in 0.03889 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly