go-git Memory Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the go-git library, affecting versions from 5.0.0 up to, but not including, 5.17.1. The issue lies in the handling of .idx (pack index) files: a maliciously crafted file can cause memory consumption that is disproportionate to the file's size. This can exhaust available memory and create a DoS condition. Exploiting the vulnerability requires write access to the local repository's .git directory in order to create or modify .idx files.

Impact

Exploitation of this vulnerability can cause significant memory exhaustion, resulting in a denial-of-service condition in which the application or service becomes unresponsive or unavailable.

Remediation

Users are advised to upgrade to version 5.17.1 or the latest v6 pseudo-version to address this vulnerability.
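The following Go program is an added example, not code from the advisory or from the go-git project. It checks whether the go-git version a module resolves to falls inside the affected range stated above (v5.0.0 inclusive to v5.17.1 exclusive). It assumes the real module path github.com/go-git/go-git/v5 and the real `go list -m` command; the version-comparison logic is the example's own and treats a pseudo-version such as v5.17.1-0.20250101000000-abcdef012345 (a constructed value) as preceding the v5.17.1 release, which is how Go module versions order.

```go
package main

// Added example: classify a go-git module version against the affected range
// v5.0.0 <= v < v5.17.1 taken from the advisory text. Not part of go-git.

import (
	"fmt"
	"os"
	"os/exec"
	"strconv"
	"strings"
)

// version is the comparable part of a Go module version string.
type version struct {
	major, minor, patch int
	prerelease          string // "" for a tagged release; non-empty for -rc1, -0.2025..., etc.
}

// Boundaries taken from the advisory: first affected and first fixed release.
var (
	firstAffected = version{5, 0, 0, ""}
	fixedIn       = version{5, 17, 1, ""}
)

// parseVersion accepts "v5.17.0", "v5.17.1-0.20250101000000-abcdef012345"
// (pseudo-version) or "v1.2.3+incompatible"; build metadata after '+' is dropped.
func parseVersion(s string) (version, error) {
	s = strings.TrimPrefix(s, "v")
	if i := strings.IndexByte(s, '+'); i >= 0 {
		s = s[:i]
	}
	base, pre, _ := strings.Cut(s, "-")
	parts := strings.Split(base, ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("not a major.minor.patch version: %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 || (len(p) > 1 && p[0] == '0') {
			return version{}, fmt.Errorf("bad numeric component %q in %q", p, s)
		}
		n[i] = v
	}
	return version{n[0], n[1], n[2], pre}, nil
}

// compare orders by major.minor.patch; a pre-release sorts before the release
// it precedes. Two different pre-releases of the same base compare equal, which
// is enough to place a version relative to the two tagged boundaries above.
func compare(a, b version) int {
	for _, d := range [3]int{a.major - b.major, a.minor - b.minor, a.patch - b.patch} {
		if d < 0 {
			return -1
		}
		if d > 0 {
			return 1
		}
	}
	switch {
	case a.prerelease == "" && b.prerelease != "":
		return 1
	case a.prerelease != "" && b.prerelease == "":
		return -1
	}
	return 0
}

// IsAffected reports whether a go-git module version lies in the vulnerable range.
func IsAffected(s string) (bool, error) {
	v, err := parseVersion(s)
	if err != nil {
		return false, err
	}
	return compare(v, firstAffected) >= 0 && compare(v, fixedIn) < 0, nil
}

func main() {
	// Ask the Go toolchain which go-git version the module in the current directory uses.
	out, err := exec.Command("go", "list", "-m", "-f", "{{.Version}}", "github.com/go-git/go-git/v5").Output()
	if err != nil {
		fmt.Fprintln(os.Stderr, "go list failed (not a Go module, or go-git/v5 is not a dependency):", err)
		os.Exit(2)
	}
	ver := strings.TrimSpace(string(out))
	affected, err := IsAffected(ver)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	if affected {
		fmt.Printf("go-git %s is in the affected range; upgrade to v5.17.1 or later\n", ver)
		os.Exit(1)
	}
	fmt.Printf("go-git %s is not in the affected range\n", ver)
}
```

Run it from the root of the module being audited; a non-zero exit status marks an affected version so the check can gate a CI pipeline. Because the comparison treats any v6 version as outside the range, a v6 pseudo-version (the other remediation the advisory names) is reported as not affected.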

Added: Mar 31, 2026, 4:04 PM
Updated: Mar 31, 2026, 4:04 PM

Vulnerability Rating (Custom Algorithm)

  spread          5.4
  impact          2.5
  exploitability  3.0
  remediation     7.7
  relevance       5.0
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.