VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6uub-fxap-pbfa

Essentials
Severities (18)
References (27)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6uub-fxap-pbfa
Aliases	CVE-2022-23521
Summary	Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
epss	0.12292	https://api.first.org/data/v1/epss?cve=CVE-2022-23521
cvssv3.1	7.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
ssvc	Track	https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
cvssv3.1	9.8	https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
ssvc	Track	https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
cvssv3.1	9.8	https://security.gentoo.org/glsa/202312-15
ssvc	Track	https://security.gentoo.org/glsa/202312-15

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-23521
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41903
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1029114		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029114
2162055		https://bugzilla.redhat.com/show_bug.cgi?id=2162055
508386c6c5857b4faa2c3e491f422c98cc69ae76		https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
GHSA-c738-c5qq-xg89		https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
GLSA-202312-15		https://security.gentoo.org/glsa/202312-15
RHSA-2023:0596		https://access.redhat.com/errata/RHSA-2023:0596
RHSA-2023:0597		https://access.redhat.com/errata/RHSA-2023:0597
RHSA-2023:0599		https://access.redhat.com/errata/RHSA-2023:0599
RHSA-2023:0609		https://access.redhat.com/errata/RHSA-2023:0609
RHSA-2023:0610		https://access.redhat.com/errata/RHSA-2023:0610
RHSA-2023:0611		https://access.redhat.com/errata/RHSA-2023:0611
RHSA-2023:0627		https://access.redhat.com/errata/RHSA-2023:0627
RHSA-2023:0628		https://access.redhat.com/errata/RHSA-2023:0628
RHSA-2023:0978		https://access.redhat.com/errata/RHSA-2023:0978
RHSA-2023:1677		https://access.redhat.com/errata/RHSA-2023:1677
USN-5810-1		https://usn.ubuntu.com/5810-1/
USN-5810-3		https://usn.ubuntu.com/5810-3/
USN-5810-4		https://usn.ubuntu.com/5810-4/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/ Found at https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/ Found at https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202312-15

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/ Found at https://security.gentoo.org/glsa/202312-15

Exploit Prediction Scoring System (EPSS)

Percentile	0.93831
EPSS Score	0.12292
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:11:49.799005+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/202312-15	38.0.0