gitoxide
cpe:2.3:a:git:git:*:*:*:*:*:*:*
- < 0.42.0
A vulnerability exists in Gitoxide versions prior to 0.42.0, where the application uses SHA-1 hash implementations from the sha1_smol or sha1 crate without any collision detection. This oversight leaves Gitoxide susceptible to hash collision attacks, allowing two distinct Git objects to be created with colliding SHA-1 hashes. Such collisions would disrupt the Git object model and integrity checks within Gitoxide. The vulnerability arises because Gitoxide does not implement any mitigations against SHA-1 collisions, unlike standard Git, which has begun transitioning to SHA-256 hashes.
Exploitation of this vulnerability could lead to the creation of two Git objects with the same SHA-1 hash, breaking the integrity of the Git object model in Gitoxide. This could allow an attacker to disguise malicious content in a repository or exploit assumptions in programs that use Gitoxide, potentially leading to further vulnerabilities.
The vulnerability can be reproduced with a program that uses the sha1_checked crate together with the SHAttered collision. Such a program computes a Git object ID from a file using the vulnerable SHA-1 implementation, then hashes the same input with the collision-detecting SHA-1 to show that two different files yield the same hash, illustrating the collision vulnerability.
Users can upgrade to Gitoxide version 0.42.0 or later to address this vulnerability. For those using Gitoxide as a library, the same versioning applies.
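The following is an added illustration, not gitoxide's own code, of why an unmitigated SHA-1 breaks the Git object model described above: a content-addressed store that treats an existing object id as "already have it" silently discards a colliding object, while a store that compares bytes on an id hit refuses it. Because a real SHA-1 collision cannot be produced here, `weak_digest` (a constructed, one-hex-digit truncation of SHA-1) stands in for the broken hash; `git_object_id` itself uses Git's real framing and matches `git hash-object` for full SHA-1.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def weak_digest(data: bytes) -> str:
    """Constructed stand-in for a broken hash: SHA-1 truncated to one hex digit,
    so collisions are trivial to find. Used only to exercise the detection path."""
    return sha1_hex(data)[:1]


def git_object_id(kind: str, content: bytes, digest: Callable[[bytes], str] = sha1_hex) -> str:
    """Object id computed exactly as Git frames it: "<type> <size>\\0<content>"."""
    return digest(f"{kind} {len(content)}".encode() + b"\0" + content)


def find_colliding_blobs(digest: Callable[[bytes], str]):
    """Enumerate constructed blobs until two distinct contents share an id.
    Returns quickly only for a weak digest; for real SHA-1 this is a
    SHAttered-class computation, which is the whole point of the advisory."""
    seen: dict = {}
    i = 0
    while True:
        content = f"blob-{i}".encode()
        oid = git_object_id("blob", content, digest)
        if oid in seen:
            return seen[oid], content
        seen[oid] = content
        i += 1


@dataclass
class ObjectStore:
    """Minimal content-addressed store keyed by object id."""
    digest: Callable[[bytes], str] = sha1_hex
    objects: dict = field(default_factory=dict)  # oid -> (kind, content)

    def write_unchecked(self, kind: str, content: bytes) -> str:
        """Vulnerable pattern: an existing id is taken to mean identical content,
        so a colliding object is silently dropped and the first writer wins."""
        oid = git_object_id(kind, content, self.digest)
        self.objects.setdefault(oid, (kind, content))
        return oid

    def write_checked(self, kind: str, content: bytes) -> str:
        """Store-local check: an id hit with different bytes is a collision and is
        refused. A collision-detecting SHA-1 (the sha1_checked crate the advisory
        names) goes further, flagging a crafted input even when its sibling is absent."""
        oid = git_object_id(kind, content, self.digest)
        existing = self.objects.get(oid)
        if existing is not None and existing != (kind, content):
            raise ValueError(f"hash collision on object id {oid}")
        self.objects[oid] = (kind, content)
        return oid
```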