The Git Credential Manager (GCM) is an essential tool for developers worldwide: it provides a secure Git credential helper that works on Windows, macOS, and Linux. However, a potential vulnerability (CVE-2024-50338) has been identified in the handling of newline characters in the communication between Git and GCM. By exploiting the inconsistency between how Git and GCM handle newline characters, it may allow unauthorized access to a user's Git credentials.

Exploitation relies on Git and GCM reading line endings differently when they process the key=value input of the Git credential protocol. Git reads the input by calling the strbuf_getline function, which in turn calls strbuf_getdelim_strip_crlf. This effectively restricts the line endings Git recognizes to LF and CRLF, and Git's newline validation looks only for the LF form (\n). GCM, on the other hand, uses the .NET standard library's StreamReader class and its ReadLineAsync method, which treats CR, LF, and CRLF as valid line endings. Consequently, a bare CR is a line ending for GCM but not for Git.

public async Task<Credential> ReadAsync(StreamReader reader)
{
    ...
    string line;
    while ((line = await reader.ReadLineAsync().ConfigureAwait(false)) != null)
    {
        ...
    }
}

Because of this mismatch in newline handling, an attacker can craft a malicious remote URL that embeds Git credential protocol key=value pairs. When a user clones or otherwise interacts with the malicious repository, the attacker could potentially intercept the user's credentials for other Git remotes. The risk is higher for repositories that contain submodules, especially when cloning with the --recursive option, because the user does not get to inspect the submodule URLs first.
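The newline mismatch described above, as an added example that is not code from Git or GCM: it frames the same constructed credential-protocol input the two ways the text describes, flags input on which the readers disagree, and shows a strict reader that rejects a bare CR. The function names, the sample hosts and the "later key overwrites earlier" rule are assumptions of this sketch.

```python
import re

# Constructed credential-protocol input: the host value carries a bare CR.
SAMPLE = "protocol=https\nhost=a.example\rhost=b.example\n\n"

def git_style_lines(data):
    """Frame lines as the text describes for Git: LF ends a line, a CR before it is stripped."""
    lines = data.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # input ended with LF, so there is no extra final line
    return [l[:-1] if l.endswith("\r") else l for l in lines]

def dotnet_style_lines(data):
    """Frame lines as StreamReader.ReadLine does: CRLF, CR and LF each end a line."""
    lines = re.split(r"\r\n|\r|\n", data)
    if lines and lines[-1] == "":
        lines.pop()
    return lines

def parse(lines):
    """Collect key=value pairs up to the blank line (assumption: a later key overwrites)."""
    fields = {}
    for line in lines:
        if line == "":
            break
        key, sep, value = line.partition("=")
        if sep:
            fields[key] = value
    return fields

def readers_disagree(data):
    """Detection check: True when the two framings produce different fields."""
    return parse(git_style_lines(data)) != parse(dotnet_style_lines(data))

def parse_strict(data):
    """Hardened reader (a sketch, not GCM's patch): LF framing, reject any leftover CR."""
    fields = parse(git_style_lines(data))
    for key, value in fields.items():
        if "\r" in key or "\r" in value:
            raise ValueError(f"bare CR in credential field {key!r}")
    return fields

if __name__ == "__main__":
    print("Git-style view :", parse(git_style_lines(SAMPLE)))
    print(".NET-style view:", parse(dotnet_style_lines(SAMPLE)))
    print("readers disagree:", readers_disagree(SAMPLE))
```

On the sample, the Git-style view has a single host value with the CR embedded in it, while the .NET-style view ends up with a different host, which is the disagreement the advisory describes.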

To mitigate this vulnerability, users should upgrade Git Credential Manager to version 2.6.1 or higher, which applies the necessary patch for secure newline handling. If upgrading is not possible, users should interact only with trusted remote repositories and avoid --recursive cloning so that submodule URLs can be inspected first.

For more information and original references, please visit:

- CVE-2024-50338
- Git Credential Manager Advisory
- Git Protocol Documentation
- Stack Overflow Discussion on Git Newlines

Please ensure that you remain vigilant when working with Git repositories and always prioritize your security by keeping your tools and applications up-to-date.

Timeline

Published on: 01/14/2025 19:15:31 UTC