DEBIAN-CVE-2025-48384

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-48384

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-48384.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-48384

Upstream

CVE-2025-48384

Published

2025-07-08T19:15:42Z

Modified

2025-09-25T02:29:23.937060Z

Summary

[none]

Details

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

References

https://security-tracker.debian.org/tracker/CVE-2025-48384

Affected packages

Debian:11 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.30.2-1

1:2.30.2-1+deb11u1

1:2.30.2-1+deb11u2

1:2.30.2-1+deb11u3

1:2.30.2-1+deb11u4

1:2.31.0~rc2+next.20210304-1

1:2.31.0~rc2+next.20210309-1

1:2.31.0-1

1:2.31.0+next.20210315-1

1:2.31.1-1

1:2.31.1+next.20210417-1

1:2.31.1+next.20210514-1

1:2.32.0~rc0-1

1:2.32.0~rc0+next.20210520-1

1:2.32.0~rc2-1

1:2.32.0~rc2+next.20210531-1

1:2.32.0-1

1:2.32.0+next.20210606-1

1:2.33.0-1

1:2.33.0+next.20210816-1

1:2.33.0+next.20210901-1

1:2.33.0+next.20210929-1

1:2.33.1-1

1:2.33.1+next.20211025-1

1:2.34.0-1

1:2.34.0+next.20211119-1

1:2.34.1-1~bpo11+1

1:2.34.1-1

1:2.34.1+next.20211124-1

1:2.34.1+next.20211202-1

1:2.34.1+next.20211221-1

1:2.34.1+next.20211227-1

1:2.35.1-1

1:2.35.1+next.20220128-1

1:2.35.1+next.20220211-1

1:2.35.2-1

1:2.36.0~rc2+next.20220411-1

1:2.36.0~rc2+next.20220414-1

1:2.36.0-1

1:2.36.0+next.20220417-1

1:2.36.0+next.20220428-1

1:2.36.0+next.20220504-1

1:2.36.1-1

1:2.36.1+next.20220505-1

1:2.37.2-1

1:2.37.2+next.20220812-1

1:2.38.1-1

1:2.38.1+next.20221031-1

1:2.39.0-1

1:2.39.0+next.20221212-1

1:2.39.0+next.20221220-1

1:2.39.1-0.1~bpo11+1

1:2.39.1-0.1

1:2.39.2-1~bpo11+1

1:2.39.2-1

1:2.39.2-1.1

1:2.39.2+next.20230215-1

1:2.40.0-1

1:2.40.0-1+alpha.1

1:2.40.0+next.20230313-1

1:2.40.0+next.20230319-1

1:2.40.1-1

1:2.40.1-1+alpha.1

1:2.40.1+next.20230424-1

1:2.40.1+next.20230427-1

1:2.42.0-1

1:2.43.0-1

1:2.43.0-1+alpha.2

1:2.43.0+next.20231120-1

1:2.43.0+next.20240104-1

1:2.45.1-1

1:2.45.1+next.20240516-1

1:2.45.2-1

1:2.45.2-1+alpha.1

1:2.45.2-1.1

1:2.45.2-1.1+alpha.1

1:2.45.2-1.2

1:2.45.2-1.3

1:2.45.2+next.20240614-1

1:2.47.1-1

1:2.47.2-0.1

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.39.2-1.1

1:2.39.2+next.20230215-1

1:2.39.5-0+deb12u1

1:2.39.5-0+deb12u2

1:2.40.0-1

1:2.40.0-1+alpha.1

1:2.40.0+next.20230313-1

1:2.40.0+next.20230319-1

1:2.40.1-1

1:2.40.1-1+alpha.1

1:2.40.1+next.20230424-1

1:2.40.1+next.20230427-1

1:2.42.0-1

1:2.43.0-1

1:2.43.0-1+alpha.2

1:2.43.0+next.20231120-1

1:2.43.0+next.20240104-1

1:2.45.1-1

1:2.45.1+next.20240516-1

1:2.45.2-1

1:2.45.2-1+alpha.1

1:2.45.2-1.1

1:2.45.2-1.1+alpha.1

1:2.45.2-1.2

1:2.45.2-1.3

1:2.45.2+next.20240614-1

1:2.47.1-1

1:2.47.2-0.1

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.47.3-0+deb13u1

Affected versions

1:2.*

1:2.47.2-0.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.50.1-0.1

Affected versions

1:2.*

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}