CVE-2025-21614
HIGH
go-git < 5.13.0 - Denial of Service via Crafted Git Server Response
Title source: llm
Description
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server that trigger resource exhaustion in go-git clients. Users running go-git v4 and above are advised to upgrade to v5.13 to mitigate this vulnerability.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4
Scores
CVSS v3
7.5
EPSS
0.0070
EPSS Percentile
48.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (4)
go-git/go-git
0 - 5.13.0 (Go)
go-git/go-git
4.0.0 (Go)
go-git_project/go-git
< 5.13.0
src-d/go-git.v4
4.0.0 (Go)
Published
Jan 06, 2025
Tracked Since
Feb 18, 2026