DEBIAN-CVE-2025-21614

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-21614
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-21614.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-21614
Upstream
Published
2025-01-06T17:15:47Z
Modified
2025-09-25T02:28:32.024641Z
Summary
[none]
Details

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

References

Affected packages

Debian:12 / golang-github-go-git-go-git

Package

Name
golang-github-go-git-go-git
Purl
pkg:deb/debian/golang-github-go-git-go-git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2-3
5.4.2-4
5.11.0-1
5.11.0-2
5.11.0-3
5.11.0-4
5.12.0-1
5.13.2-1
5.14.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-github-go-git-go-git

Package

Name
golang-github-go-git-go-git
Purl
pkg:deb/debian/golang-github-go-git-go-git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.13.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / golang-github-go-git-go-git

Package

Name
golang-github-go-git-go-git
Purl
pkg:deb/debian/golang-github-go-git-go-git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.13.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}