CVE-2024-25817

Name of the Vulnerable Software and Affected Versions eza versions prior to 0.18.2

Description The issue is a Buffer Overflow vulnerability that allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. This vulnerability seems to be triggered by the .git directory in some projects, and the directory structure also plays a role in triggering the issue. The vulnerability may be related to specific files within this directory.

Recommendations For versions prior to 0.18.2, update to version 0.18.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the .git directory and its components, such as .git/HEAD, .git/refs, and .git/objects, to minimize the risk of exploitation.