2378807 – (CVE-2025-48386) CVE-2025-48386 git: Git buffer overflow

Bug 2378807 (CVE-2025-48386) - CVE-2025-48386 git: Git buffer overflow

Summary: CVE-2025-48386 git: Git buffer overflow

Keywords:
Status:	NEW
Alias:	CVE-2025-48386
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2378820 2378822 2378821 2378823
Blocks:
TreeView+	depends on / blocked

Reported:	2025-07-08 19:01 UTC by OSIDB Bzimport
Modified:	2025-07-09 19:32 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-07-08 19:01:15 UTC

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Note You need to log in before you can comment on or make changes to this bug.