CVE-2015-7545

CRITICAL

Git < 2.3.10, 2.4.x < 2.4.10, 2.5.x < 2.5.4, 2.6.x < 2.6.1 - Remote Code Execution via Remote Helper Protocols

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7545. PoCs published by avuserow.

AI-analyzed exploit summary: The repository contains only a minimal README with a CVE reference and no actual exploit code or technical details. It appears to be a placeholder or stub.

Description

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

Exploits (1)

nomisec STUB 2 stars
by avuserow · poc
https://github.com/avuserow/bug-free-chainsaw


Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (21)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2515.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201605-01
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/12/08/5
Various Sources mailing-list x_refsource_mlist
https://lkml.org/lkml/2015/10/5/683
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034501
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1269794
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2835-1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/12/11/7
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/78711
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/12/09/8
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3435

Scores

CVSS v3 9.8
EPSS 0.3125
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-20, CWE-284
Status: published
Products (23)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
git_project/git 2.4.0
git_project/git 2.4.1
git_project/git 2.4.2
git_project/git 2.4.3
git_project/git 2.4.4
git_project/git 2.4.5
... and 13 more
Published Apr 13, 2016
Tracked Since Feb 18, 2026