Fair enough. We are testing our tool to try to find bugs/vulnerabilities in several git implementations. I will report here my results if i can find some other memory issue in this git client. ----- Original Message ----- > Gustavo Grieco <gustavo.grieco@xxxxxxx> writes: > > > Now that the cause of this issue is identified, i would like to > > know if there is an impact in the security, so i can request a CVE > > if necessary. > > I am inclined to say that it has no security implications. You have > to be able to write a bogus loose object in an object store you > already have write access to in the first place, in order to cause > this read-only access that goes beyond what is allocated, so at the > worst, what you can do is to hurt yourself, and you can already hurt > yourself in various other ways. >