CVE-2023-49568

2024-01-1211:15:12

CWE-20

Bitdefender

web.nvd.nist.gov

139

cve

2023

49568

denial of service

dos

vulnerability

go-git

resource exhaustion

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.
This is a go-git implementation issue and does not affect the upstream git cli.

Affected configurations

Nvd

Node

go-git_projectgo-gitRange4.0.0–5.11.0go

VendorProductVersionCPE
go-git_projectgo-git*cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*

Vendor	Product	Version	CPE
go-git_project	go-git	*	cpe:2.3:a:go-git_project:go-git::::::go::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "go-git",
    "vendor": "go-git",
    "versions": [
      {
        "status": "affected",
        "version": "5.11.0"
      }
    ]
  }
]