CVE-2024-32004

Published: 14 May 2024

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

Priority

Status

Package	Release	Status
git Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Released (1:2.25.1-1ubuntu3.12)
	jammy	Released (1:2.34.1-1ubuntu1.11)
	mantic	Released (1:2.40.1-1ubuntu1.1)
	noble	Released (1:2.43.0-1ubuntu7.1)
	upstream	Needs triage
	xenial	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2024-32004
https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
https://git-scm.com/docs/git-clone
https://ubuntu.com/security/notices/USN-6793-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071160

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›