Buffer Overflow Vulnerability in Git's wincred Credential Helper
CVE-2025-48386

6.3 MEDIUM

Key Information:

Vendor: Git

CVE Published: 8 July 2025

What is CVE-2025-48386?

A potential buffer overflow vulnerability exists in the wincred credential helper of Git, affecting its ability to securely manage credentials. The issue stems from inadequate bounds checking in a static buffer used for key storage. When appending data with the wcsncat() function, the lack of proper validation can result in a buffer overflow, which attackers could exploit to gain unauthorized access or disrupt service. This flaw has been addressed in multiple patched versions of Git.
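The bounds check described above, as an added example (not Git's source code): an append into a fixed-size static key buffer that accounts for what the buffer already holds. The names `key_append`, `build_key`, `KEY_CAP` and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define KEY_CAP 16 /* hypothetical capacity in wchar_t units, terminator included */

/* Risky pattern (comment only): wcsncat(dst, src, KEY_CAP);
 * The third argument of wcsncat() caps how many characters are appended.
 * It is not the size of dst, so text already in dst is not accounted for. */

/* Append src to dst only if the result, with its terminator, fits in cap.
 * Returns 0 on success, -1 otherwise; dst is left unchanged on failure. */
int key_append(wchar_t *dst, size_t cap, const wchar_t *src)
{
    const wchar_t *end;
    size_t used, need;

    if (!dst || !src || cap == 0)
        return -1;
    end = wmemchr(dst, L'\0', cap);      /* locate terminator inside the buffer */
    if (!end)
        return -1;                       /* dst is not terminated within cap */
    used = (size_t)(end - dst);
    need = wcslen(src);
    if (need > cap - used - 1)           /* space left after reserving the terminator */
        return -1;
    wmemcpy(dst + used, src, need + 1);  /* copies the terminator too */
    return 0;
}

/* Build "<prefix><host>" in a static buffer (constructed stand-in for key storage).
 * Returns NULL instead of writing past the end of the buffer. */
const wchar_t *build_key(const wchar_t *prefix, const wchar_t *host)
{
    static wchar_t key[KEY_CAP];

    key[0] = L'\0';
    if (key_append(key, KEY_CAP, prefix) || key_append(key, KEY_CAP, host))
        return NULL;
    return key;
}

int main(void)
{
    /* Constructed inputs: the first fills the buffer exactly, the second is one too long. */
    printf("%s\n", build_key(L"git:", L"example.com") ? "fits" : "rejected");
    printf("%s\n", build_key(L"git:", L"example.org.") ? "fits" : "rejected");
    return 0;
}
```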

Affected Version(s)

git < 2.43.7

git >= 2.44.0-rc0, < 2.44.4

git >= 2.45.0-rc0, < 2.45.4


CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
