CVE-2025-21614

描述

Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git

受影響套件(7)

• Debian/golang-github-go-git-go-gitfrom 0
• Go/github.com/go-git/go-git>= 4.0.0, <= 4.13.1
• Go/github.com/go-git/go-git/v4>= 4.0.0
• Go/github.com/go-git/go-git/v5from 0, < 5.13.0
• Go/github.com/go-git/go-git/v5from 0, < 5.13.0
• Go/gopkg.in/src-d/go-git.v4>= 4.0.0
• Go/gopkg.in/src-d/go-git.v4>= 4.0.0, <= 4.13.1

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-21614
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-21614
• PATCHhttps://github.com/go-git/go-git
• WEBhttps://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4