/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-21614

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-21614

CGA ID

CGA-4j69-wc2q-6773

Severity

7.5

High

CVSS V3

Description

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

References

  • https://images.chainguard.dev/security/CGA-4j69-wc2q-6773
  • https://github.com/advisories/GHSA-r9px-m959-cxf4
  • https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4
  • https://security-tracker.debian.org/tracker/CVE-2025-21614

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation