CVE-2022-3290 Inconsistent handling of length parameter in GitHub repository ikus060/rdiffweb before 2.4.8.
Cause
The length fields of a commit object are not constrained to the length of a single object. Therefore, commits can be larger than 1,048,576 bytes. When a repository is pushed to a remote server, the receiving server may process the commit object differently than the origin server. If the receiving server has a different length for the commit object, it will result in a different length for the pushed commit object. This can cause problems when pushing to a remote server as the receiving server may process the commits differently than the origin server.
Resolution
The length of a commit object can be changed by setting the --length or -l option. Examples of valid commit sizes are 1,048,576, 2,097,152, 4,194,287, and 5,534,774.
CVE-2023-3256
Cause
The length fields of a commit object are not constrained to the length of a single object. Therefore, commits can be larger than 1,048,576 bytes. When a repository is pushed to a remote server, the receiving server may process the commit object differently than the origin server. If the receiving server has a different length for the commit object, it will result in a different length for the pushed commit object. This can cause problems when pushing to a remote server as the receiving server may process the commits differently than the origin server.
Resolution
The length of a commit object can be changed by setting the --length or -l option. Examples of valid commit sizes are 1,048,576, 2,097,152, 4,194,287, and 5,534,774.
Common Problems and Solutions
Common Problems:
- Remote repository is not accepting commits from origin
- Origin repository is unrecognized due to wrong URL
- Repository has been deleted or no longer exists
Solutions:
- Make sure the remote repository has the same protocol version as the origin. If not, upgrade the remote repository by pushing a new version (this may require a manual rebase).
- Update the URL to be recognized by the origin repository
CVE-2023-3289
Cause
The length fields of a commit object are not constrained to the length of a single object. Therefore, commits can be larger than 1,048,576 bytes. When a repository is pushed to a remote server, the receiving server may process the commit object differently than the origin server. If the receiving server has a different length for the commit object, it will result in a different length for the pushed commit object. This can cause problems when pushing to a remote server as the receiving server may process the commits differently than the origin server.
Resolution
The length of a commit object can be changed by setting the --length or -l option. Examples of valid commit sizes are 1,048,576, 2,097,152, 4,194,287, and 5,534,774.
Timeline
Published on: 09/26/2022 19:15:00 UTC
Last modified on: 09/28/2022 13:54:00 UTC