CVE-2026-44740

EUVD-2026-33663
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Debian logo
Debian Releases
Debian Product
Codename
golang-github-go-git-go-billy
bookworm
postponed
forky
vulnerable
sid
vulnerable
trixie
no-dsa
golang-github-go-git-go-billy-v6
forky
vulnerable
sid
vulnerable
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
amazon-ssm-agent
suse enterprise sap 15 SP4
3.3.4624.0-150000.5.37.1
fixed
suse enterprise sap 15 SP5
3.3.4624.0-150000.5.37.1
fixed
suse enterprise server 15 SP4
3.3.4624.0-150000.5.37.1
fixed
suse enterprise server 15 SP5
3.3.4624.0-150000.5.37.1
fixed
terraform-provider-aws
suse enterprise sap 15 SP4
3.11.0-150200.6.18.1
fixed
suse enterprise sap 15 SP5
3.11.0-150200.6.18.1
fixed
suse enterprise server 15 SP4
3.11.0-150200.6.18.1
fixed
suse enterprise server 15 SP5
3.11.0-150200.6.18.1
fixed
terraform-provider-azurerm
suse enterprise sap 15 SP4
2.32.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
2.32.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
2.32.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
2.32.0-150200.6.12.1
fixed
terraform-provider-external
suse enterprise sap 15 SP4
2.0.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.12.1
fixed
terraform-provider-google
suse enterprise sap 15 SP4
3.43.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
3.43.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
3.43.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
3.43.0-150200.6.12.1
fixed
terraform-provider-helm
suse enterprise sap 15 SP4
2.9.0-150200.6.23.1
fixed
suse enterprise sap 15 SP5
2.9.0-150200.6.23.1
fixed
suse enterprise server 15 SP4
2.9.0-150200.6.23.1
fixed
suse enterprise server 15 SP5
2.9.0-150200.6.23.1
fixed
terraform-provider-kubernetes
suse enterprise sap 15 SP4
1.13.2-150200.6.12.1
fixed
suse enterprise sap 15 SP5
1.13.2-150200.6.12.1
fixed
suse enterprise server 15 SP4
1.13.2-150200.6.12.1
fixed
suse enterprise server 15 SP5
1.13.2-150200.6.12.1
fixed
terraform-provider-local
suse enterprise sap 15 SP4
2.0.0-150200.6.17.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.17.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.17.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.17.1
fixed
terraform-provider-null
suse enterprise sap 15 SP4
3.0.0-150200.6.18.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.6.18.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.6.18.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.6.18.1
fixed
terraform-provider-random
suse enterprise sap 15 SP4
3.0.0-150200.6.15.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.6.15.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.6.15.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.6.15.1
fixed
terraform-provider-tls
suse enterprise sap 15 SP4
3.0.0-150200.5.15.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.5.15.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.5.15.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.5.15.1
fixed