CVE-2025-21614

Опубликовано: 06 янв. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

Релиз	Статус	Примечание
devel	not-affected	5.16.2-1
esm-apps/jammy	released	5.4.2-3ubuntu0.1~esm1
esm-apps/noble	released	5.4.2-4ubuntu0.24.04.3+esm2
esm-infra/focal	DNE
focal	DNE
jammy	needed
noble	needed
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	not-affected	5.14.0-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 46%

0.00228

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2025-21614

CVSS3: 7.5

redhat

около 1 года назад

CVE-2025-21614

CVSS3: 7.5

nvd

около 1 года назад

CVE-2025-21614

CVSS3: 7.5

msrc

около 1 года назад

go-git clients vulnerable to DoS via maliciously crafted Git server replies

CVE-2025-21614

CVSS3: 7.5

debian

около 1 года назад

go-git is a highly extensible git implementation library written in pu ...

GHSA-r9px-m959-cxf4

CVSS3: 7.5

github

около 1 года назад

go-git clients vulnerable to DoS via maliciously crafted Git server replies

EPSS

Процентиль: 46%

0.00228

Низкий

7.5 High

CVSS3

CVE-2025-21614

Описание

Пакет golang-github-go-git-go-git

Ссылки на источники

Связанные уязвимости