CVE-2025-48386

The CVE-2025-48386 issue affects Git’s wincred credential helper, where a static buffer is not properly bounds-checked before appending with wcsncat(), risking a buffer overflow. Publicly documented fixes exist across multiple versions (e.g., v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, ...

CVE-2025-48386 Git allows a buffer overflow in 'wincred' credential helper

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

CVE-2025-48386

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

GitHub: CVE-2025-48386 Git Credential Helper Vulnerability

CVE-2025-48386 is regarding a vulnerability in Git where the wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending...

PT-2025-28649 · Git +4 · Git +4

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.43.7 Git versions prior to 2.44.4 Git versions prior to 2.45.4 Git versions prior to 2.46.4 Git versions prior to 2.47.3 Git versions prior to 2.48.2 Git versions prior to 2.49.1 Git versions prior to 2.50.1 Descriptio...

CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a 1 long filename or 2 many nested trees, leading to a heap-based buffer overflow...