admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2025/CVE-2025-31130.md

19 lines
1.1 KiB
Markdown
Raw Normal View History

Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
### [CVE-2025-31130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31130)
![](https://img.shields.io/static/v1?label=Product&message=gitoxide&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%200.42.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-328%3A%20Use%20of%20Weak%20Hash&color=brightgreen)
### Description
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct Git objects with colliding SHA-1 hashes would break the Git object model and integrity checks when used with gitoxide. This vulnerability is fixed in 0.42.0.
### POC
#### Reference
- https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-2frx-2596-x5r6
#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/xizheyin/cvetracker4rs
Reference in New Issue Copy Permalink