PT-2026-29159 · Go-Git · Go-Git

·

CVE-2026-34165

·

Published

2026-03-30

·

Updated

2026-06-08

CVSS v3.1

5.0

Medium

VectorAV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions go-git versions 5.0.0 through 5.17.0
Description A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory to create or alter existing .idx files.
Recommendations Upgrade to version 5.17.1 or later.

Exploit

Fix

Integer Underflow

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-BU65096
CLEANSTART-2026-DQ17669
CLEANSTART-2026-ET12387
CLEANSTART-2026-FV86809
CLEANSTART-2026-GN78570
CLEANSTART-2026-HO16255
CLEANSTART-2026-JG72006
CLEANSTART-2026-LO26058
CLEANSTART-2026-LU21824
CLEANSTART-2026-ML41879
CLEANSTART-2026-NR54556
CLEANSTART-2026-NT80635
CLEANSTART-2026-PD78752
CLEANSTART-2026-TT42218
CLEANSTART-2026-VT65447
CLEANSTART-2026-WF25734
CLEANSTART-2026-YZ90223
CVE-2026-34165
GHSA-JHF3-XXHW-2WPP
GO-2026-4910
OPENSUSE-SU-2026:10509-1
OPENSUSE-SU-2026:10684-1

Affected Products

Go-Git