Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~174 bytes) whose delta header declares a huge dest_size. When dulwich ingested it via add_thin_pack / apply_delta, it would allocate hundreds of MB of memory based on that attacker-controlled size, with no relationship to the actual bytes received. Operators running a Dulwich-based Git server that exposes git-receive-pack (i.e. accepts pushes) - for example via dulwich.server functionality, the HTTP smart server, or anything built on ReceivePackHandler - are impacted. The issue is patched in 1.2.5. add_thin_pack now accepts a max_input_size keyword (bytes; 0/None = unlimited, matching git's semantics), and ReceivePackHandler reads receive.maxInputSize from the repository config and passes it through. Wire reads are counted and a PackInputTooLarge exception is raised once the cap is exceeded - equivalent to git index-pack --max-input-size. Users should upgrade to Dulwich 1.2.5 or later and set receive.maxInputSize in their server's repository config to a sane bound for their environment. On unpatched versions, receive.maxInputSize has no effect, so it cannot be used as a workaround. Until upgrading, operators should restrict dulwich-receive-pack (push) access to trusted, authenticated clients only, or disable it entirely on servers that only need to serve fetches and/or run the server under an OS-level memory limit (e.g. ulimit, cgroups/MemoryMax, or a container memory limit) so a malicious push is killed rather than taking down the host.

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. A remote attacker with push access to a Dulwich-based Git server could send a specially crafted thin pack. This crafted pack, with a manipulated delta header, would cause the server to allocate excessive amounts of memory, leading to a Denial of Service (DoS) condition. This vulnerability allows an authenticated attacker to disrupt the availability of the Git server.

This Moderate impact denial of service flaw in Dulwich affects Red Hat products utilizing Dulwich-based Git server functionalities. An authenticated attacker with push access could send a crafted Git thin pack, causing excessive memory allocation and disrupting service availability. The vulnerability requires prior authentication, but its exploitation can lead to a system crash. Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform-26/controller-rhel9 Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform-26/eda-controller-rhel9 Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform-26/lightspeed-chatbot-rhel9 Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform-27/controller-rhel9 Red Hat Ansible Automation Platform 2 Fix deferred ansible-automation-platform-27/eda-controller-rhel9 Red Hat Enterprise Linux 7 Fix deferred resource-agents Red Hat Enterprise Linux 8 Fix deferred resource-agents Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-kserve-agent-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-kserve-autogluon-server-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-kserve-controller-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-kserve-router-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-kserve-storage-initializer-rhel9 Red Hat OpenShift Container Platform 4 Under investigation python-dulwich Red Hat Satellite 6 Fix deferred python-dulwich https://www.cve.org/CVERecord?id=CVE-2026-47734 https://nvd.nist.gov/vuln/detail/CVE-2026-47734 https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5 https://github.com/jelmer/dulwich/security/advisories/GHSA-xrvj-v92f-53gj