High severity · NVD Advisory · Published Jan 12, 2024 · Updated Jun 17, 2025
Maliciously crafted Git server replies can cause DoS on go-git clients
CVE-2023-49568
Description
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server that trigger resource exhaustion in go-git clients.
Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream Git CLI.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/go-git/go-git/v5 (Go) | < 5.11.0 | 5.11.0 |
| gopkg.in/src-d/go-git.v4 (Go) | >= 4.7.1, <= 4.13.1 | — |
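
To apply the ranges in the table above to a project's `go.mod`, the following added example (not code from go-git or from this advisory) flags direct or indirect `require` entries that fall in an affected range. The function names are hypothetical, and the check reads only `require` directives: `replace` directives and the resolved build list (`go list -m all`) are not considered.

```go
package main

import (
	"fmt"
	"strings"
)

// parse maps "vX.Y.Z[-pre]" to a sortable key (assumes parts < 1000); pre = pre-release/pseudo-version.
func parse(v string) (key int, pre, ok bool) {
	var x, y, z int
	core, _, hasPre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	n, err := fmt.Sscanf(core, "%d.%d.%d", &x, &y, &z)
	return x*1_000_000 + y*1_000 + z, hasPre, err == nil && n == 3
}

// affected applies the ranges from the advisory's "Affected packages" table.
func affected(mod string, key int, pre bool) bool {
	switch mod {
	case "github.com/go-git/go-git/v5": // < 5.11.0; a 5.11.0 pre-release sorts below it
		return key < 5_011_000 || (key == 5_011_000 && pre)
	case "gopkg.in/src-d/go-git.v4": // >= 4.7.1, <= 4.13.1
		return key >= 4_007_001 && key <= 4_013_001
	}
	return false
}

// FindAffected returns module@version for every go-git requirement in the
// go.mod text that falls in an affected range. replace directives are not followed.
func FindAffected(goMod string) (hits []string) {
	inRequire := false
	for _, line := range strings.Split(goMod, "\n") {
		f := append(strings.Fields(line), "", "") // pad so f[0] and f[1] always exist
		if f[0] == "require" {
			f = f[1:]
			inRequire = f[0] == "(" // opener of a require block
		} else if f[0] == ")" {
			inRequire = false
		} else if !inRequire {
			continue // module, go, replace, exclude lines
		}
		if key, pre, ok := parse(f[1]); ok && affected(f[0], key, pre) {
			hits = append(hits, f[0]+"@"+f[1])
		}
	}
	return hits
}

func main() { // constructed single-line requirement, for illustration only
	fmt.Println(FindAffected("require github.com/go-git/go-git/v5 v5.10.1\n"))
}
```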