CNNVD-202602-1407 Information

CNNVD ID

CNNVD-202602-1407

Related CVE

CVE-2026-25934

• CNNVD Published: 2026-02-09

Description (Chinese)

go-git是go-git开源的一个用纯 Go 编写的高度可扩展的 git 实现库。 go-git 5.16.5之前版本存在安全漏洞，该漏洞源于.pack和.idx文件的数据完整性值未正确验证，可能导致使用损坏文件并引发错误。

Description (English)

Go-git is a highly scalable guit realization library created by Go-git open source. There was a security loophole in the pre-go-git 5.16.5 version, which resulted from the incorrect validation of the data integrity values of the .pack and .idx files, which could lead to the use of the damaged document and cause errors.

Vulnerability Type

其他

Affected Vendor

go-git

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/go-git/go-git/releases/tag/v5.16.5 https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3

Patch

https://github.com/go-git/go-git/releases