CVE-2026-44740

6.5 MEDIUM

Billy is an interface filesystem abstraction for Go

Published: 2026-06-01 · Last updated: 2026-06-01

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-674, CWE-835

Description

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.

Source: NVD

Related CVEs

Same CWE

  • CVE-2025-7010 Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Serv... (5.5 MEDIUM)
  • CVE-2025-7005 Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the anti... (5.5 MEDIUM)
  • CVE-2026-48734 ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
  • CVE-2026-48733 ImageMagick is free and open-source software used for editing and manipulating digital images (4.7 MEDIUM)
  • CVE-2026-46557 ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)