Skip to main content

Ubuntu CVE-2025-48386

| EUVDEUVD-2025-20679 MEDIUM
Classic Buffer Overflow (CWE-120)
2025-07-08 security-advisories@github.com
6.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative
Red Hat
6.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 04:21 euvd
EUVD-2025-20679
Analysis Generated
Mar 16, 2026 - 04:21 vuln.today
CVE Published
Jul 08, 2025 - 19:15 nvd
MEDIUM 6.3

DescriptionGitHub Advisory

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Analysis

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Classic Buffer Overflow (CWE-120).

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Vendor StatusVendor

Ubuntu

Priority: Medium
git
Release Status Version
bionic released 1:2.17.1-1ubuntu0.18+esm2
focal released 1:2.25.1-1ubuntu3.14+esm1
jammy released 1:2.34.1-1ubuntu1.13
noble released 1:2.43.0-1ubuntu7.3
oracular released 1:2.45.2-1ubuntu1.2
plucky released 1:2.48.1-0ubuntu1.1
upstream released 2.43.7
xenial released 1:2.7.4-0ubuntu1.10+esm9

Debian

git
Release Status Fixed Version Urgency
bullseye fixed 1:2.30.2-1+deb11u2 -
bullseye (security) fixed 1:2.30.2-1+deb11u5 -
bookworm fixed 1:2.39.5-0+deb12u3 -
bookworm (security) fixed 1:2.39.5-0+deb12u2 -
trixie fixed 1:2.47.3-0+deb13u1 -
forky fixed 1:2.51.0-1 -
sid fixed 1:2.53.0-1 -
(unstable) not-affected - -

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:latest Affected
SUSE Linux Enterprise Server 16.0 Fixed
SUSE Linux Micro 6.0 Fixed
SUSE Linux Micro 6.1 Fixed
openSUSE Tumbleweed Fixed

Share

CVE-2025-48386 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy