313 matches found
CVE-2026-33762
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...
CVE-2026-33762 go-git: Missing validation decoding Index v4 files leads to panic
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...
EUVD-2026-17443
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...
CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
CVE-2026-34165
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
CVE-2026-34165
The connected advisory details a vulnerability in the go-git project where a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting memory and causing a DoS. Exploitation requires write access to the local repository’s .git directory to create or modify .idx...
CVE-2026-34165
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
go-git 安全漏洞
go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.17.1 contained a security vulnerability. This vulnerability stemmed from a specially crafted .idx file, which could lead to asymmetric memory consumption, potentially exhausting...
go-git 输入验证错误漏洞
go-git is an open-source, highly scalable Git implementation written entirely in Go. Prior to version 5.17.1, go-git had a vulnerability related to input validation errors. This vulnerability stemmed from the index decoder not verifying the length of the application path name prefix, which could...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file int...
GHSA-JHF3-XXHW-2WPP go-git: Maliciously crafted idx file can cause asymmetric memory consumption
Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...
go-git: Maliciously crafted idx file can cause asymmetric memory consumption
Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...
GHSA-GM2X-2G9H-CCM8 go-git missing validation decoding Index v4 files leads to panic
Impact go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...
PT-2026-29159
Name of the Vulnerable Software and Affected Versions go-git versions 5.0.0 through 5.17.0 Description A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service DoS condition. Exploitation requires write access to the...
PT-2026-29156
Name of the Vulnerable Software and Affected Versions go-git versions prior to 5.17.1 Description The go-git library’s index decoder for Git index format version 4 does not properly validate the path name prefix length before applying it to the previously decoded path name. A specially crafted...
ROS-20260327-73-0012
Vulnerability in go-git related to lack of integrity checking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...