Buffer Overflow Vulnerability in Git's wincred Credential Helper
CVE-2025-48386

6.3MEDIUM

Key Information:

Vendor: Git
Status: Git
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-48386?

A potential buffer overflow vulnerability exists in the wincred credential helper of Git, affecting its ability to securely manage credentials. The issue stems from inadequate bounds checking in a static buffer used for key storage. When appending data with the wcsncat() function, the lack of proper validation can result in a buffer overflow, which attackers could exploit to gain unauthorized access or disrupt service. This flaw has been addressed in multiple patched versions of Git.

Affected Version(s)

git < 2.43.7 < 2.43.7

git >= 2.44.0-rc0, < 2.44.4 < 2.44.0-rc0, 2.44.4

git >= 2.45.0-rc0, < 2.45.4 < 2.45.0-rc0, 2.45.4

References

https://github.com/git/git/security/advisories/GHSA-4v56-...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
May 19, 2025