PT-2025-1015 · Go-Git+9

Bdilalu

Published: 2025-01-06 · Updated: 2026-03-12 · CVE-2025-21614

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5.13

Description: A denial of service (DoS) vulnerability was discovered in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.

Recommendations: For versions prior to v5.13, upgrade to v5.13 to mitigate this vulnerability. As a temporary workaround, consider limiting the use of go-git to only trustworthy Git servers until a patch is available.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

RCE


Weakness Enumeration

Related Identifiers

ALSA-2025:0401
ALSA-2025_16880
AZL-55063
AZL-55073
AZL-55079
AZL-55106
BDU:2025-00211
CESA-2025_0401
CVE-2025-21614
ECHO-7B33-48F3-C82A
GHSA-R9PX-M959-CXF4
GO-2025-3367
INFSA-2025_0401
OPENSUSE-SU-2025:0056-1
OPENSUSE-SU-2025:14624-1
OPENSUSE-SU-2025:14634-1
OPENSUSE-SU-2025:15487-1
OPENSUSE-SU-2025:20117-1
OPENSUSE-SU-2025:20177-1
OPENSUSE-SU-2025_0060-1
OPENSUSE-SU-2026:20798-1
RHSA-2025:0401
RHSA-2025:0662
RHSA-2025_0401
RLSA-2025:0401
SUSE-SU-2025:0060-1
USN-8088-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Go-Git