GHSA-2frx-2596-x5r6
MEDIUMgitoxide does not detect SHA-1 collision attacks
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
gix-features🦀gix-commitgraph🦀gix-index🦀gix-object🦀gix-odb🦀gix-pack🦀gitoxide🦀gitoxide-core+19 moreReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects crates.io packages — download data is not available via public APIs for these ecosystems.
Description
Summary
gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks.
Details
gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct Git objects with colliding SHA-1 hashes would break the Git object model and integrity checks when used with gitoxide.
The SHA-1 function is considered cryptographically insecure. However, in the wake of the SHAttered attacks, this issue was mitigated in Git 2.13.0 in 2017 by using the sha1collisiondetection algorithm by default and producing an error when known SHA-1 collisions are detected. Git is in the process of migrating to using SHA-256 for object hashes, but this has not been rolled out widely yet and gitoxide does not support SHA-256 object hashes.
PoC
The following program demonstrates the problem, using the two SHAttered PDFs:
use sha1_checked::{CollisionResult, Digest};
fn sha1_oid_of_file(filename: &str) -> gix::ObjectId {
let mut hasher = gix::features::hash::hasher(gix::hash::Kind::Sha1);
hasher.update(&std::fs::read(filename).unwrap());
gix::ObjectId::Sha1(hasher.digest())
}
fn sha1dc_oid_of_file(filename: &str) -> Result<gix::ObjectId, String> {
// Matches Git’s behaviour.
let mut hasher = sha1_checked::Builder::default().safe_hash(false).build();
hasher.update(&std::fs::read(filename).unwrap());
match hasher.try_finalize() {
CollisionResult::Ok(digest) => Ok(gix::ObjectId::Sha1(digest.into())),
CollisionResult::Mitigated(_) => unreachable!(),
CollisionResult::Collision(digest) => Err(format!(
"Collision attack: {}",
gix::ObjectId::Sha1(digest.into()).to_hex()
)),
}
}
fn main() {
dbg!(sha1_oid_of_file("shattered-1.pdf"));
dbg!(sha1_oid_of_file("shattered-2.pdf"));
dbg!(sha1dc_oid_of_file("shattered-1.pdf"));
dbg!(sha1dc_oid_of_file("shattered-2.pdf"));
}
The output is as follows:
[src/main.rs:24:5] sha1_oid_of_file("shattered-1.pdf") = Sha1(38762cf7f55934b34d179ae6a4c80cadccbb7f0a)
[src/main.rs:25:5] sha1_oid_of_file("shattered-2.pdf") = Sha1(38762cf7f55934b34d179ae6a4c80cadccbb7f0a)
[src/main.rs:26:5] sha1dc_oid_of_file("shattered-1.pdf") = Err(
"Collision attack: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
)
[src/main.rs:27:5] sha1dc_oid_of_file("shattered-2.pdf") = Err(
"Collision attack: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
)
The latter behaviour matches Git.
Since the SHAttered PDFs are not in a valid format for Git objects, a direct proof‐of‐concept using higher‐level APIs cannot be immediately demonstrated without significant computational resources.
Impact
An attacker with the ability to mount a collision attack on SHA-1 like the SHAttered or SHA-1 is a Shambles attacks could create two distinct Git objects with the same hash. This is becoming increasingly affordable for well‐resourced attackers, with the Shambles researchers in 2020 estimating $45k for a chosen‐prefix collision or $11k for a classical collision, and projecting less than $10k for a chosen‐prefix collision by 2025. The result could be used to disguise malicious repository contents, or potentially exploit assumptions in the logic of programs using gitoxide to cause further vulnerabilities.
This vulnerability affects any user of gitoxide, including gix-* library crates, that reads or writes Git objects.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🦀crates.io | gix-features | all versions | 0.41.0 |
| 🦀crates.io | gix-commitgraph | all versions | 0.27.0 |
| 🦀crates.io | gix-index | all versions | 0.39.0 |
| 🦀crates.io | gix-object | all versions | 0.48.0 |
| 🦀crates.io | gix-odb | all versions | 0.68.0 |
| 🦀crates.io | gix-pack | all versions | 0.58.0 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for gix-features. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update gix-features to 0.41.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-2frx-2596-x5r6 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-2frx-2596-x5r6 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-2frx-2596-x5r6. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-2frx-2596-x5r6 in your dependencies?
O3 detects GHSA-2frx-2596-x5r6 across crates.io dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.