PT-2026-29159 · Go-Git · Go-Git

Kq5Y

Publicado

2026-03-30

Atualizado

2026-05-18

CVE-2026-34165

CVSS v3.1

5.0

Média

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions go-git versions 5.0.0 through 5.17.0

Description A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory to create or alter existing .idx files.

Recommendations Upgrade to version 5.17.1 or later.

Exploit

Correção

Allocation of Resources Without Limits

Integer Underflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-191

Identificadores relacionados

CLEANSTART-2026-BU65096

CLEANSTART-2026-DQ17669

CLEANSTART-2026-ET12387

CLEANSTART-2026-FV86809

CLEANSTART-2026-GN78570

CLEANSTART-2026-JG72006

CLEANSTART-2026-LO26058

CLEANSTART-2026-LU21824

CLEANSTART-2026-ML41879

CLEANSTART-2026-NR54556

CLEANSTART-2026-NT80635

CLEANSTART-2026-TT42218

CLEANSTART-2026-VT65447

CVE-2026-34165

GHSA-JHF3-XXHW-2WPP

GO-2026-4910

OPENSUSE-SU-2026:10509-1

OPENSUSE-SU-2026:10684-1

Produtos afetados

Go-Git

PT-2026-29159 · Go-Git · Go-Git

CVE-2026-34165

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 175