Fluid Attacks Database

Description

Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	gopkg.in/src-d/go-git.v4	>=4.0.0 <=4.13.1	-
debian 12	golang-github-go-git-go-git	=5.11.0-1 \|\| =5.11.0-2 \|\| =5.11.0-3 \|\| =5.11.0-4 \|\| =5.12.0-1 \|\| =5.13.2-1 \|\| =5.14.0-1 \|\| =5.16.2-1 \|\| =5.17.0-1 \|\| =5.17.1-1 \|\| =5.4.2-3 \|\| =5.4.2-4	-
debian 13	golang-github-go-git-go-git	>=0 <5.13.2-1	5.13.2-1
debian 14	golang-github-go-git-go-git	>=0 <5.13.2-1	5.13.2-1
go	github.com/go-git/go-git/v5	>=0 <5.13.0	5.13.0
go	github.com/go-git/go-git	>=4.0.0 <=4.13.1	-
go	github.com/go-git/go-git/v4	>=4.0.0	-
rpm rhel8	grafana	<0:9.2.10-21.el8_10	0:9.2.10-21.el8_10
rpm rhel9.4	grafana	<0:9.2.10-21.el9_4	0:9.2.10-21.el9_4
rpm rhel9	grafana	-	-

Aliases

1. CVE-2025-216142. NVD-2025-216143. OSV-2025-216144. OSV-DEBIAN-2025-216145. OSV-GO-2025-33676. GHSA-r9px-m959-cxf47. GCVE-2025-216148. SECURITY-TRACKER-CVE-2025-216149. GHSA-r9px-m959-cxf4

References

1. https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.