5 matches found
CVE-2026-47734
A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. A remote attacker with push access to a Dulwich-based Git server could send a specially crafted thin pack. This crafted pack, with a manipulated delta header, would cause the server to allocate excessive...
EUVD-2026-36193
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...
CVE-2026-47734 Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...
GHSA-XRVJ-V92F-53GJ Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack / applydelta, it would...
PT-2026-47590
Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge dest size. When dulwich ingested it via add thin pack / apply delta, it would...