PT-2025-28649 · Git +4
Dgl · Published 2025-07-08 · Updated 2025-07-27 · CVE-2025-48386
7.8 High
Base vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Git versions prior to 2.43.7
Git versions prior to 2.44.4
Git versions prior to 2.45.4
Git versions prior to 2.46.4
Git versions prior to 2.47.3
Git versions prior to 2.48.2
Git versions prior to 2.49.1
Git versions prior to 2.50.1
Description:
The wincred credential helper in Git does not properly bounds check the available space remaining in a static buffer before appending to it with wcsncat(), leading to potential buffer overflows.
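The bug class described above, as an added C example; it is not Git's code, and `append_checked`, `build_key`, `TARGET_CAP` and the sample strings are hypothetical names and constructed values. It shows an append into a fixed wide-character buffer that checks the space remaining and fails instead of writing past the end.

```c
#include <stdio.h>
#include <wchar.h>

#define TARGET_CAP 16 /* constructed; small so the sample input exceeds it */

/*
 * Weak pattern (not executed here): wcsncat(dst, src, TARGET_CAP).
 * The third argument of wcsncat() limits how many characters are taken
 * from src. It is not the size of dst, so once dst is partly filled the
 * call can write past the end of the buffer.
 */

/* Append src to dst only if it fits, terminator included.
 * Returns 0 on success, -1 otherwise (dst is left unchanged). */
static int append_checked(wchar_t *dst, size_t cap, const wchar_t *src)
{
	size_t used = 0, need = wcslen(src);

	while (used < cap && dst[used] != L'\0')
		used++;
	if (used == cap)
		return -1; /* dst is not terminated within cap */
	if (need > cap - used - 1)
		return -1; /* remaining space is too small */
	wmemcpy(dst + used, src, need + 1);
	return 0;
}

/* Build a key from parts; stops at the first part that does not fit. */
static int build_key(wchar_t *dst, size_t cap, const wchar_t *const *parts, size_t n)
{
	if (cap == 0)
		return -1;
	dst[0] = L'\0';
	for (size_t i = 0; i < n; i++)
		if (append_checked(dst, cap, parts[i]) != 0)
			return -1;
	return 0;
}

int main(void)
{
	static wchar_t target[TARGET_CAP];
	const wchar_t *ok[] = { L"cred:", L"https", L"://" };
	const wchar_t *big[] = { L"cred:", L"https", L"://", L"host.example" };

	printf("fits: %d\n", build_key(target, TARGET_CAP, ok, 3));
	printf("too long: %d\n", build_key(target, TARGET_CAP, big, 4));
	return 0;
}
```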
Recommendations:
For versions prior to 2.43.7, update to version 2.43.7 or later.
For versions prior to 2.44.4, update to version 2.44.4 or later.
For versions prior to 2.45.4, update to version 2.45.4 or later.
For versions prior to 2.46.4, update to version 2.46.4 or later.
For versions prior to 2.47.3, update to version 2.47.3 or later.
For versions prior to 2.48.2, update to version 2.48.2 or later.
For versions prior to 2.49.1, update to version 2.49.1 or later.
For versions prior to 2.50.1, update to version 2.50.1 or later.
Fix
Buffer Overflow