5
CVE-2026-34165
- EPSS 0.01%
- Veröffentlicht 31.03.2026 13:46:37
- Zuletzt bearbeitet 02.04.2026 16:49:16
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Logingo-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files. This issue has been patched in version 5.17.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Go-git Project ≫ Go-git SwPlatformgo Version >= 5.0.0 < 5.17.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5 | 1.3 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
|
CWE-191 Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.