CVE-2025-48386
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| git | git | 2.50.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Update Git to one of the fixed versions: v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1 to mitigate this vulnerability.
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow issue in Git's wincred credential helper. The helper uses a static buffer as a unique key for storing credentials but does not properly check the remaining space before appending data using wcsncat(), which can lead to a buffer overflow.
How can this vulnerability impact me?
The buffer overflow can potentially be exploited to cause unexpected behavior or compromise the confidentiality of stored credentials, as indicated by the high confidentiality impact in the CVSS score. This could lead to unauthorized access to sensitive information.