CVE-2025-21614

HIGH7.5EPSS 0.23%

Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git

Published: 1/6/2025Modified: 2/4/2026

Also known as:GHSA-r9px-m959-cxf4 RHSA-2025:0401 RHSA-2025:0662CGA-rxrq-jmmh-wchrGO-2025-3367

Description

Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git

Affected packages (7)

Debian/golang-github-go-git-go-gitfrom 0
Go/github.com/go-git/go-git>= 4.0.0, <= 4.13.1
Go/github.com/go-git/go-git/v4>= 4.0.0
Go/github.com/go-git/go-git/v5from 0, < 5.13.0
Go/github.com/go-git/go-git/v5from 0, < 5.13.0
Go/gopkg.in/src-d/go-git.v4>= 4.0.0
Go/gopkg.in/src-d/go-git.v4>= 4.0.0, <= 4.13.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (4)