go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00107}

epss

{'score': 0.00087}


Tue, 10 Jun 2025 07:00:00 +0000

Type Values Removed Values Added
References

Thu, 17 Apr 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Go-git Project
Go-git Project go-git
CPEs cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*
Vendors & Products Go-git Project
Go-git Project go-git

Thu, 20 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_gitops:1.14::el8

Thu, 27 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el9

Thu, 27 Feb 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Gitops
Redhat openstack
CPEs cpe:/a:redhat:openshift_gitops:1.15::el8
cpe:/a:redhat:openstack:16.2::el8
cpe:/a:redhat:openstack:17.1::el9
Vendors & Products Redhat openshift Gitops
Redhat openstack

Tue, 25 Feb 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el9

Fri, 14 Feb 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:advanced_cluster_security:4.4::el8

Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat advanced Cluster Security
Redhat enterprise Linux
Redhat openshift
Redhat rhel Eus
Redhat trusted Profile Analyzer
CPEs cpe:/a:redhat:advanced_cluster_security:4.5::el8
cpe:/a:redhat:advanced_cluster_security:4.6::el8
cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:openshift:4.17::el9
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:trusted_profile_analyzer:1.2::el9
Vendors & Products Redhat
Redhat advanced Cluster Security
Redhat enterprise Linux
Redhat openshift
Redhat rhel Eus
Redhat trusted Profile Analyzer

Thu, 09 Jan 2025 14:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Mon, 06 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jan 2025 16:30:00 +0000

Type Values Removed Values Added
Description go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
Title go-git clients vulnerable to DoS via maliciously crafted Git server replies
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-26T19:48:04.692Z

Reserved: 2024-12-29T03:00:24.713Z

Link: CVE-2025-21614

cve-icon Vulnrichment

Updated: 2025-01-06T16:36:27.947Z

cve-icon NVD

Status : Modified

Published: 2025-01-06T17:15:47.310

Modified: 2025-08-26T20:15:36.507

Link: CVE-2025-21614

cve-icon Redhat

Severity : Important

Publid Date: 2025-01-06T16:20:16Z

Links: CVE-2025-21614 - Bugzilla

cve-icon OpenCVE Enrichment

No data.