INFSA-2024:7135: git-lfs security update
Information about definition
Identificator: INFSA-2024:7135
Type: security
Release date: 2024-10-10 10:43:49 UTC
Information about package
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Vulnerabilities description
- CVE-2024-34156
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-34156
|
no information | 7.5 | no information |
Updated packages