Debian Golang-Github-Go-Git-Go-Git vulnerabilities
7 known vulnerabilities affecting debian/golang-github-go-git-go-git.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2026-25934 | MEDIUM | CVSS 4.3 | fixed in golang-github-go-git-go-git 5.17.0-1 (forky) | 2026
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not
debian
CVE-2026-34165 | MEDIUM | CVSS 5.0 | 2026
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requi
debian
CVE-2026-33762 | LOW | CVSS 2.8 | 2026
go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic
debian
CVE-2025-21613 | CRITICAL | CVSS 9.2 | fixed in golang-github-go-git-go-git 5.13.2-1 (forky) | 2025
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being u
debian
CVE-2025-21614 | HIGH | CVSS 7.5 | fixed in golang-github-go-git-go-git 5.13.2-1 (forky) | 2025
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git cl
debian
CVE-2023-49569 | CRITICAL | CVSS 9.8 | fixed in golang-github-go-git-go-git 5.11.0-1 (forky) | 2023
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy
debian
CVE-2023-49568 | HIGH | CVSS 7.5 | fixed in golang-github-go-git-go-git 5.11.0-1 (forky) | 2023
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git a
debian