Git, a widely used distributed revision control system, has a security vulnerability that arises because some ecosystems, such as .NET and node.js, interpret single Carriage Return characters as newlines. This flaw renders the protections against the previously reported CVE-2020-5260 incomplete for Git credential helpers that treat Carriage Returns in this manner.

Details

Git's line-based protocol is designed to exchange information between Git and its credential helpers securely. However, when a helper runs on an ecosystem (e.g., .NET or node.js) that interprets single Carriage Return characters as newlines, the helper can split the data into different lines than Git wrote. This leaves the existing protections incomplete for Git operations such as cloning repositories that may contain potentially malicious code. This issue is tracked as CVE-2024-52006 and affects several Git versions released prior to the patch.

To address this issue, the Git team has released commit b01b9b8, which is included in the following release versions:

v2.40.4

The patch modifies the Git code to handle single Carriage Return characters correctly and prevents potential attacks exploiting this vulnerability for the affected ecosystems.

Here is a simplified illustration of the change made to the Git code to fix this issue:

// Before patch (vulnerable)
int git_parse_value(char **value)
{
  return parse_value(value, &is_newline);
}

// After patch (secure)
int git_parse_value(char **value)
{
  return parse_value(value, &is_carriage_return_newline);
}

Original References

For more information about this vulnerability and the related patch, please refer to the official Git commit and the related CVE report:

- Git commit b01b9b8: https://github.com/git/git/commit/b01b9b8
- CVE report: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52006

Exploit Details

While there are no known active exploits targeting this vulnerability, it is crucial to understand the potential risks associated with it. Malicious actors could set up a Git repository full of carefully crafted files with single Carriage Return line-endings, which would be misinterpreted by affected Git credential helpers and potentially cause unauthorized access or code execution if cloned by a vulnerable Git client.

Recommendations

Users are strongly advised to upgrade their Git clients to the patched versions mentioned earlier as soon as possible. If upgrading is not feasible, it is recommended to avoid cloning repositories from untrusted sources, especially when performing recursive clones. In addition, organizations should enforce policies for using secure versions of Git and raise awareness among their developers about the potential risks associated with this vulnerability.

Timeline

Published on: 01/14/2025 19:15:32 UTC
Last modified on: 01/21/2025 17:15:14 UTC