GitLab releases new CE and EE versions to address integer overflow vulnerabilities

Threat Advisories

Threat Level
Vulnerability Report

Summary

GitLab CE and EE are affected by two security issues in Git. The first, CVE-2022-41903, is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in arbitrary heap writes and remote code execution. The second, CVE-2022-23521, is an integer overflow in ‘.gitattributes’ parsing that can result in arbitrary heap reads and writes, and remote code execution.