CVE-2022-37172

Name of the Vulnerable Software and Affected Versions Msys2 versions v20220603 and below

Description The issue is related to incorrect access control in the install directory of Msys2, specifically C:msys64, which allows authenticated attackers to execute arbitrary code by overwriting binaries located in the directory.

Recommendations For Msys2 versions v20220603 and below, consider restricting access to the C:msys64 directory to prevent unauthorized modifications to binaries until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.