CVE-2023-49568

ADVISORY - github

Summary

Impact

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.

Patches

Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

Workarounds

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

Credit

Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.

References

GHSA-mw99-9chc-xw7r

EPSS Score⁠: 0.00153 (0.365)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-49568⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

7.5high

GitHub

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-mw99-9chc-xw7r⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

7.5high

Alpine

CREATED

2 years ago

UPDATED

10 hours ago

ADVISORY IDCVE-2023-49568⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 years ago

UPDATED

18 days ago

ADVISORY IDCVE-2023-49568⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 years ago

UPDATED

1 day ago

ADVISORY IDCVE-2023-49568⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

GoLang

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDGO-2024-2466⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY ID

CVE-2023-49568

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-20⁠CWE-937⁠

CVSS SCORE

7.5high

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS-2024-1920⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS2-2024-2458⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS2023-2024-526⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

2 years ago

UPDATED

12 days ago

ADVISORY IDCVE-2023-49568⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠

CVSS SCORE

7.5high

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-3649-h3j9-rvx6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-386m-pr6v-7wq2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-453h-pgg7-xw3r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-486r-p4fq-q959

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-4x69-xmvh-89mw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-54g8-jwm3-m68x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-6xm2-x4rj-xvgx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-7897-g922-6qf2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-7pqw-3cfv-mfrc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-824q-mm8q-fg8w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-8678-f34j-w23h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-8846-v282-jc4f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-948w-qmmc-gw76

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-f2qm-m2cx-qx6r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-f69f-9576-qmxm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-ff45-jpq8-jw8c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-frpf-j89x-wfhc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-fxq8-hgpw-6v78

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-jp77-49rg-8xwx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-jx4h-vvh9-5j73

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-m6qq-79rg-rjwv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-p2w5-4v25-589r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-p5r8-cfv9-cmhc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-p83x-8387-c6fj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-q7f9-729r-99v3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-rwg5-6pf6-v3px

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-v4xq-f4rj-pr4r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-v9fj-w7f9-p53h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-vrx4-hf5c-hgv8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-wgvq-wm85-q9vx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY ID

CGA-wwh6-vmmm-85jv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-xgmc-87vw-749v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-xp2m-fxr2-rf4v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2023-49568

Summary

Impact

Patches

Workarounds

Credit

References

Common Weakness Enumeration (CWE)

CWE-20⁠

CWE-20⁠

CWE-1035⁠

CWE-20⁠

CWE-937⁠

CWE-400⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Alpine

Debian

Ubuntu

CVSS SCORE

GoLang

GitLab

CVSS SCORE

Amazon

CVSS SCORE

Amazon

CVSS SCORE

Amazon

CVSS SCORE

Red Hat

CVSS SCORE

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard

Chainguard