SB2026052229 - IBM Watson Speech Services Cartridge update for go-git



SB2026052229 - IBM Watson Speech Services Cartridge update for go-git

Published: May 22, 2026

Security Bulletin ID SB2026052229
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Validation of Array Index (CVE-ID: CVE-2026-33762)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper validation of array index in the index decoder for format version 4 when parsing a crafted .git/index file. A local user can supply a specially crafted .git/index file to cause a denial of service.

User interaction is required during normal index parsing, and the issue can result in process termination if the application does not recover from panics.


Remediation

Install update from vendor's website.