PT-2025-28649 · Git+4 · Git+4

Dgl

·

Published

2025-07-08

·

Updated

2025-10-09

·

CVE-2025-48386

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.43.7 Git versions prior to 2.44.4 Git versions prior to 2.45.4 Git versions prior to 2.46.4 Git versions prior to 2.47.3 Git versions prior to 2.48.2 Git versions prior to 2.49.1 Git versions prior to 2.50.1
Description: The wincred credential helper in Git does not properly bounds check the available space remaining in a static buffer before appending to it with wcsncat(), leading to potential buffer overflows.
Recommendations: For versions prior to 2.43.7, update to version 2.43.7 or later. For versions prior to 2.44.4, update to version 2.44.4 or later. For versions prior to 2.45.4, update to version 2.45.4 or later. For versions prior to 2.46.4, update to version 2.46.4 or later. For versions prior to 2.47.3, update to version 2.47.3 or later. For versions prior to 2.48.2, update to version 2.48.2 or later. For versions prior to 2.49.1, update to version 2.49.1 or later. For versions prior to 2.50.1, update to version 2.50.1 or later.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2025-10893
ALT-PU-2025-9420
ALT-PU-2025-9640
BDU:2025-08692
BIT-GIT-2025-48386
CVE-2025-48386
ECHO-5B87-846D-45A5
GHSA-4V56-3XVJ-XVFR
OESA-2025-1792
OESA-2025-1793
OESA-2025-1844
OESA-2025-1845
OESA-2025-1846
OESA-2025-1847
OPENSUSE-SU-2025:15337-1
SUSE-SU-2025:20721-1
SUSE-SU-2025:20855-1
USN-7626-1
USN-7626-2
USN-7626-3

Affected Products

Alt Linux
Debian
Git
Linuxmint
Ubuntu