CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

CVE-2026-45022

CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...

GHSA-389R-GV7P-R3RP go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

Impact go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally,...

AZL-33892 CVE-2023-49568 affecting package packer for versions less than 1.9.5-3

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

CVE-2023-49568

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

Design/Logic Flaw

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

CVE-2023-49568

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

ALPINE-CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...

Security fix for the ALT Linux 9 package NetworkManager version 1.14.5-alt1.gitba83251bba87

Nov. 1, 2018 Mikhail Efremov 1.14.5-alt1.gitba83251bba87 - Upstream git snapshot nm-1-14 branch fixes: CVE-2018-15688...

Systemd 228 (SUSE 12 SP2 Ubuntu Touch 15.04) - Local Privilege Escalation

Systemd 228 SUSE 12 SP2 Ubuntu Touch 15.04 - Local Privilege Escalation / source: http://www.openwall.com/lists/oss-security/2017/01/24/4 This is a heads up for a trivial systemd local root exploit, that was silently fixed in the upstream git as: commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e...

Security fix for the ALT Linux 7 package NetworkManager version 0.9.8.10-alt1.M70P.2.git20150519

0.9.8.10-alt1.M70P.2.git20150519 built April 20, 2016 Mikhail Efremov in task 163202 April 14, 2016 Mikhail Efremov - keyfile: fix temporary file races CVE-2016-0764. - Upstream git snapshot nm-0-9-8 branch...

Fedora 20 : icecream-1.0.1-8.20140822git.fc20 (2014-10468)

This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. CVE-2014-4607 Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...

Fedora 16 : android-tools-20120510gitd98c87c-1.fc16 (2012-7677)

Update to upstream git commit d98c87c - Added more udev devices - Resolves: rhbz 819292 secure udev permissions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...