Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v445-ya31-sya2
Vulnerability ID VCID-v445-ya31-sya2
Aliases CVE-2022-23521
Summary git: gitattributes parsing integer overflow
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json
epss 0.09438 https://api.first.org/data/v1/epss?cve=CVE-2022-23521
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
ssvc Track https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
cvssv3.1 9.8 https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
ssvc Track https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
cvssv3.1 9.8 https://security.gentoo.org/glsa/202312-15
ssvc Track https://security.gentoo.org/glsa/202312-15
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json
https://api.first.org/data/v1/epss?cve=CVE-2022-23521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41903
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1029114 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029114
2162055 https://bugzilla.redhat.com/show_bug.cgi?id=2162055
508386c6c5857b4faa2c3e491f422c98cc69ae76 https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
GHSA-c738-c5qq-xg89 https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
GLSA-202312-15 https://security.gentoo.org/glsa/202312-15
RHSA-2023:0596 https://access.redhat.com/errata/RHSA-2023:0596
RHSA-2023:0597 https://access.redhat.com/errata/RHSA-2023:0597
RHSA-2023:0599 https://access.redhat.com/errata/RHSA-2023:0599
RHSA-2023:0609 https://access.redhat.com/errata/RHSA-2023:0609
RHSA-2023:0610 https://access.redhat.com/errata/RHSA-2023:0610
RHSA-2023:0611 https://access.redhat.com/errata/RHSA-2023:0611
RHSA-2023:0627 https://access.redhat.com/errata/RHSA-2023:0627
RHSA-2023:0628 https://access.redhat.com/errata/RHSA-2023:0628
RHSA-2023:0978 https://access.redhat.com/errata/RHSA-2023:0978
RHSA-2023:1677 https://access.redhat.com/errata/RHSA-2023:1677
USN-5810-1 https://usn.ubuntu.com/5810-1/
USN-5810-3 https://usn.ubuntu.com/5810-3/
USN-5810-4 https://usn.ubuntu.com/5810-4/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/ Found at https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/ Found at https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202312-15
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:25Z/ Found at https://security.gentoo.org/glsa/202312-15
Exploit Prediction Scoring System (EPSS)
Percentile 0.92936
EPSS Score 0.09438
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:10:09.426001+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23521.json 38.6.0