CVE-2025-21614

High CVSS: 7.5

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

Vendor

Go-git Project

Product

Go-git

CWE

CWE-400

Yayın Tarihi

2025-01-06 17:15:47

Güncelleme

2025-09-30 15:24:48

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-400 Go-git HIGH Go-git Project 2025

Referanslar

https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4

Benzer Kayıtlar

Medium

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vu…

Low

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder f…

Medium

CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discov…

Critical

CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was dis…