CVE-2023-49568

Source
https://cve.org/CVERecord?id=CVE-2023-49568
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49568.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49568
Aliases
Downstream
Related
Published
2024-01-12T10:36:12.727Z
Modified
2026-07-15T01:48:53.697832008Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Maliciously crafted Git server replies can cause DoS on go-git clients
Details

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49568.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "Bitdefender"
}
References

Affected packages

Git / github.com/go-git/go-git

Affected ranges

Type
GIT
Repo
https://github.com/go-git/go-git
Events
Database specific
{
    "cpe": "cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "5.11.0"
        },
        {
            "last_affected": "5.11.0"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "5.11.0"
        }
    ]
}

Affected versions

5.*
5.11.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49568.json"