Sign In

CVE-2026-34165

ADVISORY - github

Summary

Impact

A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.

Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files.

Patches

Users should upgrade to v5.17.1, or the latest v6 pseudo-version, in order to mitigate this vulnerability.

Credit

The go-git maintainers thank @kq5y for finding and reporting this issue privately to the go-git project.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-191

Integer Underflow (Wrap or Wraparound)

CWE-770

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-jhf3-xxhw-2wpp
EXPLOITABILITY SCORE

1.3

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-191CWE-770

CVSS SCORE

5medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-m74g-hr5c-wfmv

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY