CVE-2025-21614

Publication date 6 January 2025

Last updated 8 January 2025

Ubuntu priority

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
golang-github-go-git-go-git	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-21614
https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4