CVE-2023-49568
HIGH
go-git < 5.11.0 - Denial of Service via Crafted Git Server Response
Title source: llm
Description
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server that trigger resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git CLI.
Scores
CVSS v3
7.5
EPSS
0.0070
EPSS Percentile
48.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (3)
go-git/go-git
0 - 5.11.0 (Go)
go-git_project/go-git
4.0.0 - 5.11.0
src-d/go-git.v4
4.7.1 (Go)
Published
Jan 12, 2024
Tracked Since
Feb 18, 2026