GitLab releases new CE and EE versions to address integer overflow vulnerabilities

January 19, 2023

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in arbitrary heap writes and remote code execution. Additionally, there is another security issue named CVE-2022-23521, which is an integer overflow in ‘.gitattributes’ that can result in arbitrary heap reads and writes, and remote code execution.

GitLab releases new CE and EE versions to address integer overflow vulnerabilities

Threat Level

Vulnerability Report

Summary

Middle East targeted by Earth Bogle using NjRAT malware

Kasablanka Group Launches Phishing Campaigns Targeting Russian Government Entities

Recent Posts