Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git [CVE-2026-33762]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git, due to a flaw in the index decoder for format version 4 that fails to validate the path name prefix length before applying it to the previously decoded path name CVE-2026-33762. Go-git is used as pa...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

go-git missing validation decoding Index v4 files leads to panic

Impact go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...

OPENSUSE-SU-2025:20130-1 Security update for bash-git-prompt

This update for bash-git-prompt fixes the following issues: - CVE-2025-61659: Fixed an issue where predictable files in /tmp were used for a copy of the git index bsc1247489...

openSUSE 16 Security Update : bash-git-prompt (openSUSE-SU-2025:20130-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2025:20130-1 advisory. - CVE-2025-61659: Fixed an issue where predictable files in /tmp were used for a copy of the git index bsc1247489 Tenable has extracted the preceding...

BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...

EUVD-2025-31584

Malicious code in bioql PyPI...

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

OESA-2024-1201 rust security update

Rust is a systems programming language focused on three goals:safety, speed,and concurrency.It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...

OESA-2024-1188 libgit2 security update

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings. Security Fixes: libgit2 is a portable C implementation of the Git...

libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`

...

SUSE CVE-2024-24577

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. There...

DEBIAN-CVE-2024-24577

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. There...

UBUNTU-CVE-2024-24577

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. There...

libgit2 Security Vulnerabilities

libgit2 is a portable, C implementation of the Git core development package. A security vulnerability exists in libgit2. An attacker exploiting this vulnerability with a specially crafted "gitindexadd" input could cause heap corruption, which could lead to the execution of arbitrary code...

PT-2024-1689 · Libgit2 +5 · Libgit2 +5

Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 1.6.5 libgit2 versions prior to 1.7.2 Description: The issue is related to a heap corruption vulnerability in the has dir name function in src/libgit2/index.c, which can be exploited for arbitrary code execution. Thi...