PT-2026-29159 · Go-Git · Go-Git
CVSS v3.1
5.0
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
go-git versions 5.0.0 through 5.17.0
Description
A crafted
.idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory to create or alter existing .idx files.Recommendations
Upgrade to version 5.17.1 or later.
Exploit
Fix
Integer Underflow
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Go-Git