320 matches found
go-git: Maliciously crafted idx file can cause asymmetric memory consumption
Impact: A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...
GHSA-GM2X-2G9H-CCM8 go-git missing validation decoding Index v4 files leads to panic
Impact: go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...
PT-2026-29156
Name of the Vulnerable Software and Affected Versions: go-git versions prior to 5.17.1. Description: The go-git library’s index decoder for Git index format version 4 does not properly validate the path name prefix length before applying it to the previously decoded path name. A specially crafted...
PT-2026-29159
Name of the Vulnerable Software and Affected Versions: go-git versions 5.0.0 through 5.17.0. Description: A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the...
ROS-20260327-73-0012
Vulnerability in go-git related to lack of integrity checking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Ubuntu: Security Advisory (USN-8088-1)
The remote host is missing an update for the...
Ubuntu 22.04 LTS / 24.04 LTS : go-git vulnerabilities (USN-8088-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8088-1 advisory. Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this iss...
CLEANSTART-2026-YW12690 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-DZ05206 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-AC12204 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-FF98917 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-ER93728 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-DS30740 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-OA82425 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-IA56615 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-DV04077 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
GO-2026-4473 Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git
Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git...
Gogs Security Vulnerability
Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities. These...