跳转到帖子

Red Hat: CVE-2025-21614: go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies (Multiple Advisories)

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Red Hat: CVE-2025-21614: go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
01/06/2025
Created
01/23/2025
Added
01/22/2025
Modified
01/24/2025

Description

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

Solution(s)

  • redhat-upgrade-grafana
  • redhat-upgrade-grafana-debuginfo
  • redhat-upgrade-grafana-debugsource
  • redhat-upgrade-grafana-selinux

References

  • CVE-2025-21614
  • RHSA-2025:0401
  • RHSA-2025:0662
  • 引用
  • Mention
    • 查看数 699
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表