go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00114.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Go-git Project
  • Go-git
Redhat
  • Advanced Cluster Security
  • Enterprise Linux
  • Openshift
  • Openshift Gitops
  • Openstack
  • Rhel Eus
  • Trusted Profile Analyzer

Configuration 1 [-]

cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*
Package CPE Advisory Released Date
Red Hat Advanced Cluster Security 4.4
advanced-cluster-security/rhacs-main-rhel8:4.4.8-2 cpe:/a:redhat:advanced_cluster_security:4.4::el8 RHSA-2025:1468 2025-02-13T00:00:00Z
advanced-cluster-security/rhacs-rhel8-operator:4.4.8-2 cpe:/a:redhat:advanced_cluster_security:4.4::el8 RHSA-2025:1468 2025-02-13T00:00:00Z
advanced-cluster-security/rhacs-roxctl-rhel8:4.4.8-2 cpe:/a:redhat:advanced_cluster_security:4.4::el8 RHSA-2025:1468 2025-02-13T00:00:00Z
Red Hat Advanced Cluster Security 4.5
advanced-cluster-security/rhacs-main-rhel8:4.5.6-2 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:1334 2025-02-11T00:00:00Z
advanced-cluster-security/rhacs-rhel8-operator:4.5.6-2 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:1334 2025-02-11T00:00:00Z
advanced-cluster-security/rhacs-roxctl-rhel8:4.5.6-2 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:1334 2025-02-11T00:00:00Z
advanced-cluster-security/rhacs-scanner-rhel8:4.5.6-2 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:1334 2025-02-11T00:00:00Z
advanced-cluster-security/rhacs-scanner-slim-rhel8:4.5.6-2 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:1334 2025-02-11T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.5.6-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:1334 2025-02-11T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-rhel8:4.5.6-2 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:1334 2025-02-11T00:00:00Z
Red Hat Advanced Cluster Security 4.6
advanced-cluster-security/rhacs-central-db-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-collector-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-collector-slim-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-rhel8-operator:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-roxctl-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-scanner-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-scanner-slim-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-rhel8:4.6.2-2 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:0907 2025-02-03T00:00:00Z
Red Hat Enterprise Linux 8
grafana-0:9.2.10-21.el8_10 cpe:/a:redhat:enterprise_linux:8 RHSA-2025:0401 2025-01-20T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
grafana-0:9.2.10-21.el9_4 cpe:/a:redhat:rhel_eus:9.4 RHSA-2025:0662 2025-01-23T00:00:00Z
Red Hat OpenShift Container Platform 4.16
openshift4/ose-helm-rhel9-operator:v4.16.0-202502130836.p0.g26e182e.assembly.stream.el9 cpe:/a:redhat:openshift:4.16::el9 RHSA-2025:1704 2025-02-27T00:00:00Z
openshift4/ose-operator-sdk-rhel9:v4.16.0-202502190034.p0.g26e182e.assembly.stream.el9 cpe:/a:redhat:openshift:4.16::el9 RHSA-2025:1704 2025-02-27T00:00:00Z
Red Hat OpenShift Container Platform 4.17
openshift4/oc-mirror-plugin-rhel9:v4.17.0-202501221434.p0.g39bedc7.assembly.stream.el9 cpe:/a:redhat:openshift:4.17::el9 RHSA-2025:0654 2025-01-28T00:00:00Z
openshift4/ose-helm-rhel9-operator:v4.17.0-202502051104.p0.g61a705e.assembly.stream.el9 cpe:/a:redhat:openshift:4.17::el9 RHSA-2025:1119 2025-02-11T00:00:00Z
openshift4/ose-operator-sdk-rhel9:v4.17.0-202502051104.p0.g61a705e.assembly.stream.el9 cpe:/a:redhat:openshift:4.17::el9 RHSA-2025:1119 2025-02-11T00:00:00Z
Red Hat OpenShift Container Platform 4.18
openshift4/oc-mirror-plugin-rhel9:v4.18.0-202502100934.p0.gc00c7c9.assembly.stream.el9 cpe:/a:redhat:openshift:4.18::el9 RHSA-2024:6122 2025-02-25T00:00:00Z
openshift4/ose-olm-catalogd-rhel9:v4.18.0-202502052031.p0.gf95a88f.assembly.stream.el9 cpe:/a:redhat:openshift:4.18::el9 RHSA-2024:6122 2025-02-25T00:00:00Z
openshift4/ose-olm-operator-controller-rhel9:v4.18.0-202502051931.p0.g74a2477.assembly.stream.el9 cpe:/a:redhat:openshift:4.18::el9 RHSA-2024:6122 2025-02-25T00:00:00Z
Red Hat OpenShift GitOps 1.14
openshift-gitops-argocd-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-argocd-rhel9-container-v1.14.3-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-argo-rollouts-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-console-plugin-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-dex-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-kam-delivery-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-must-gather-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-operator-bundle-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
openshift-gitops-operator-container-v1.14.3-4 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:3069 2025-03-20T00:00:00Z
Red Hat OpenShift GitOps 1.15
openshift-gitops-1/argocd-extensions-rhel8:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/argocd-rhel8:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/argocd-rhel9:v1.15.1-1 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.15.1-7 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:1888 2025-02-26T00:00:00Z
Red Hat OpenStack Platform 16.2
rhosp-rhel8/osp-director-agent:1.3.0-17 cpe:/a:redhat:openstack:16.2::el8 RHSA-2025:1869 2025-02-26T00:00:00Z
rhosp-rhel8/osp-director-downloader:1.3.0-17 cpe:/a:redhat:openstack:16.2::el8 RHSA-2025:1869 2025-02-26T00:00:00Z
rhosp-rhel8/osp-director-operator:1.3.0-15 cpe:/a:redhat:openstack:16.2::el8 RHSA-2025:1869 2025-02-26T00:00:00Z
rhosp-rhel8/osp-director-operator-bundle:1.3.0-33 cpe:/a:redhat:openstack:16.2::el8 RHSA-2025:1869 2025-02-26T00:00:00Z
Red Hat OpenStack Platform 17.1 for RHEL 9
rhosp-rhel9/osp-director-agent:1.3.1-20 cpe:/a:redhat:openstack:17.1::el9 RHSA-2025:1870 2025-02-26T00:00:00Z
rhosp-rhel9/osp-director-downloader:1.3.1-18 cpe:/a:redhat:openstack:17.1::el9 RHSA-2025:1870 2025-02-26T00:00:00Z
rhosp-rhel9/osp-director-operator:1.3.1-20 cpe:/a:redhat:openstack:17.1::el9 RHSA-2025:1870 2025-02-26T00:00:00Z
rhosp-rhel9/osp-director-operator-bundle:1.3.1-41 cpe:/a:redhat:openstack:17.1::el9 RHSA-2025:1870 2025-02-26T00:00:00Z
Red Hat Trusted Profile Analyzer 1.2
registry.redhat.io/rhtpa/rhtpa-guac-rhel9:sha256:2dc71ee6e8c55a29b6dd68006c7d0365154d35c850021d8b4b77e24b4e8fd1a6 cpe:/a:redhat:trusted_profile_analyzer:1.2::el9 RHSA-2025:0444 2025-01-20T00:00:00Z
registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:sha256:eb2e0b1003ef77c39b28fe9fbe2ca8141aa72160bdcd7d55eddac2c16629d7c4 cpe:/a:redhat:trusted_profile_analyzer:1.2::el9 RHSA-2025:0445 2025-01-20T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21614 cve-icon
https://pkg.go.dev/vuln/GO-2025-3367 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21614 cve-icon
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00107}

 epss

{'score': 0.00087}

Tue, 10 Jun 2025 07:00:00 +0000

Type Values Removed Values Added
References

Thu, 17 Apr 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Go-git Project
Go-git Project go-git
CPEs cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*
Vendors & Products Go-git Project
Go-git Project go-git

Thu, 20 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_gitops:1.14::el8

Thu, 27 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el9

Thu, 27 Feb 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Gitops
Redhat openstack
CPEs cpe:/a:redhat:openshift_gitops:1.15::el8
cpe:/a:redhat:openstack:16.2::el8
cpe:/a:redhat:openstack:17.1::el9
Vendors & Products Redhat openshift Gitops
Redhat openstack

Tue, 25 Feb 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el9

Fri, 14 Feb 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:advanced_cluster_security:4.4::el8

Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat advanced Cluster Security
Redhat enterprise Linux
Redhat openshift
Redhat rhel Eus
Redhat trusted Profile Analyzer
CPEs cpe:/a:redhat:advanced_cluster_security:4.5::el8
cpe:/a:redhat:advanced_cluster_security:4.6::el8
cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:openshift:4.17::el9
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:trusted_profile_analyzer:1.2::el9
Vendors & Products Redhat
Redhat advanced Cluster Security
Redhat enterprise Linux
Redhat openshift
Redhat rhel Eus
Redhat trusted Profile Analyzer

Thu, 09 Jan 2025 14:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 06 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Jan 2025 16:30:00 +0000

Type Values Removed Values Added
Description go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
Title go-git clients vulnerable to DoS via maliciously crafted Git server replies
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-26T19:48:04.692Z

Reserved: 2024-12-29T03:00:24.713Z

Link: CVE-2025-21614

cve-icon Vulnrichment

Updated: 2025-01-06T16:36:27.947Z

cve-icon NVD

Status : Modified

Published: 2025-01-06T17:15:47.310

Modified: 2025-08-26T20:15:36.507

Link: CVE-2025-21614

cve-icon Redhat

Severity : Important

Publid Date: 2025-01-06T16:20:16Z

Links: CVE-2025-21614 - Bugzilla

cve-icon OpenCVE Enrichment

No data.