CVE-2026-34165

CVSS v3.1

5.0

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions go-git versions 5.0.0 through 5.17.0

Description A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory to create or alter existing .idx files.

Recommendations Upgrade to version 5.17.1 or later.

Exploit

Fix

Allocation of Resources Without Limits

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-191

Related Identifiers

CLEANSTART-2026-BU65096

CLEANSTART-2026-DQ17669

CLEANSTART-2026-ET12387

CLEANSTART-2026-FV86809

CLEANSTART-2026-GN78570

CLEANSTART-2026-JG72006

CLEANSTART-2026-LO26058

CLEANSTART-2026-LU21824

CLEANSTART-2026-ML41879

CLEANSTART-2026-NR54556

CLEANSTART-2026-NT80635

CLEANSTART-2026-TT42218

CLEANSTART-2026-VT65447

CVE-2026-34165

GHSA-JHF3-XXHW-2WPP

GO-2026-4910

OPENSUSE-SU-2026:10509-1

OPENSUSE-SU-2026:10684-1

Affected Products

Go-Git

CVE-2026-34165

Weakness Enumeration

Related Identifiers

Affected Products

References · 175