漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
go-git: Maliciously crafted idx file can cause asymmetric memory consumption
Vulnerability Description
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files. This issue has been patched in version 5.17.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
整数下溢(超界折返)
Vulnerability Title
go-git 安全漏洞
Vulnerability Description
go-git是go-git开源的一个用纯 Go 编写的高度可扩展的 git 实现库。 go-git 5.17.1之前版本存在安全漏洞,该漏洞源于特制的.idx文件可能导致非对称内存消耗,可能耗尽可用内存并导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A