{"id":"GO-2025-3367","summary":"Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git","details":"Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git","aliases":["CVE-2025-21614","GHSA-r9px-m959-cxf4"],"modified":"2026-02-04T02:33:58.878534Z","published":"2025-01-07T16:03:20Z","related":["CGA-rxrq-jmmh-wchr","RHSA-2025:0401","RHSA-2025:0662"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3367","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4"}],"affected":[{"package":{"name":"github.com/go-git/go-git/v4","ecosystem":"Go","purl":"pkg:golang/github.com/go-git/go-git/v4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"4.0.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3367.json"}},{"package":{"name":"github.com/go-git/go-git/v5","ecosystem":"Go","purl":"pkg:golang/github.com/go-git/go-git/v5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"5.13.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3367.json"}},{"package":{"name":"gopkg.in/src-d/go-git.v4","ecosystem":"Go","purl":"pkg:golang/gopkg.in/src-d/go-git.v4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"4.0.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3367.json"}}],"schema_version":"1.7.3","credits":[{"name":"Ionut Lalu"}]}