GitLab releases new CE and EE versions to address integer overflow vulnerabilities


Summary

GitLab CE and EE are affected by two security issues in the bundled Git. The first, CVE-2022-41903, is an integer overflow in the `git log` and `git archive` commands that can result in arbitrary heap writes and remote code execution. The second, CVE-2022-23521, is an integer overflow in `.gitattributes` parsing that can result in arbitrary heap reads and writes, and remote code execution.