CVE-2023-49568

EPSS 0.15%
Veröffentlicht 12.01.2024 11:15:12
Zuletzt bearbeitet 21.11.2024 08:33:34
Quelle cve-requests@bitdefender.com
CVE-Watchlists
Login
Unerledigt
Login

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.
This is a go-git implementation issue and does not affect the upstream git cli.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Go-git Project ≫ Go-git SwPlatformgo Version >= 4.0.0 < 5.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.365

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve-requests@bitdefender.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49568

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49568

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49568

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-49568