ghsa-2frx-2596-x5r6
Vulnerability from github
Summary
gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks.
Details
gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct Git objects with colliding SHA-1 hashes would break the Git object model and integrity checks when used with gitoxide.
The SHA-1 function is considered cryptographically insecure. However, in the wake of the SHAttered attacks, this issue was mitigated in Git 2.13.0 in 2017 by using the sha1collisiondetection algorithm by default and producing an error when known SHA-1 collisions are detected. Git is in the process of migrating to using SHA-256 for object hashes, but this has not been rolled out widely yet and gitoxide does not support SHA-256 object hashes.
PoC
The following program demonstrates the problem, using the two SHAttered PDFs:
```rust use sha1_checked::{CollisionResult, Digest};
fn sha1_oid_of_file(filename: &str) -> gix::ObjectId { let mut hasher = gix::features::hash::hasher(gix::hash::Kind::Sha1); hasher.update(&std::fs::read(filename).unwrap()); gix::ObjectId::Sha1(hasher.digest()) }
fn sha1dc_oid_of_file(filename: &str) -> Result { // Matches Git’s behaviour. let mut hasher = sha1_checked::Builder::default().safe_hash(false).build(); hasher.update(&std::fs::read(filename).unwrap()); match hasher.try_finalize() { CollisionResult::Ok(digest) => Ok(gix::ObjectId::Sha1(digest.into())), CollisionResult::Mitigated(_) => unreachable!(), CollisionResult::Collision(digest) => Err(format!( "Collision attack: {}", gix::ObjectId::Sha1(digest.into()).to_hex() )), } }
fn main() { dbg!(sha1_oid_of_file("shattered-1.pdf")); dbg!(sha1_oid_of_file("shattered-2.pdf")); dbg!(sha1dc_oid_of_file("shattered-1.pdf")); dbg!(sha1dc_oid_of_file("shattered-2.pdf")); } ```
The output is as follows:
[src/main.rs:24:5] sha1_oid_of_file("shattered-1.pdf") = Sha1(38762cf7f55934b34d179ae6a4c80cadccbb7f0a)
[src/main.rs:25:5] sha1_oid_of_file("shattered-2.pdf") = Sha1(38762cf7f55934b34d179ae6a4c80cadccbb7f0a)
[src/main.rs:26:5] sha1dc_oid_of_file("shattered-1.pdf") = Err(
"Collision attack: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
)
[src/main.rs:27:5] sha1dc_oid_of_file("shattered-2.pdf") = Err(
"Collision attack: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a",
)
The latter behaviour matches Git.
Since the SHAttered PDFs are not in a valid format for Git objects, a direct proof‐of‐concept using higher‐level APIs cannot be immediately demonstrated without significant computational resources.
Impact
An attacker with the ability to mount a collision attack on SHA-1 like the SHAttered or SHA-1 is a Shambles attacks could create two distinct Git objects with the same hash. This is becoming increasingly affordable for well‐resourced attackers, with the Shambles researchers in 2020 estimating $45k for a chosen‐prefix collision or $11k for a classical collision, and projecting less than $10k for a chosen‐prefix collision by 2025. The result could be used to disguise malicious repository contents, or potentially exploit assumptions in the logic of programs using gitoxide to cause further vulnerabilities.
This vulnerability affects any user of gitoxide, including gix-* library crates, that reads or writes Git objects.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "gix-features"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.41.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-commitgraph"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-index"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.39.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-object"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.48.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-odb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.68.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-pack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.58.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gitoxide"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.42.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gitoxide-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.46.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.71.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-archive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.20.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-blame"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-config"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.44.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-diff"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.51.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-dir"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.13.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-discover"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.39.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.18.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-fsck"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-merge"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-negotiate"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-protocol"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.49.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-ref"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.51.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-revision"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.33.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-revwalk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-status"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.18.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-traverse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.45.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-worktree"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.40.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "gix-worktree-state"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-31130"
],
"database_specific": {
"cwe_ids": [
"CWE-328"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-04T16:06:08Z",
"nvd_published_at": "2025-04-04T15:15:48Z",
"severity": "MODERATE"
},
"details": "### Summary\ngitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks.\n\n### Details\ngitoxide uses the `sha1_smol` or `sha1` crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct Git objects with colliding SHA-1 hashes would break the Git object model and integrity checks when used with gitoxide.\n\nThe SHA-1 function is considered cryptographically insecure. However, in the wake of the SHAttered attacks, this issue was mitigated in Git 2.13.0 in 2017 by using the [sha1collisiondetection](https://github.com/crmarcstevens/sha1collisiondetection) algorithm by default and producing an error when known SHA-1 collisions are detected. Git is in the process of migrating to using SHA-256 for object hashes, but this has not been rolled out widely yet and gitoxide does not support SHA-256 object hashes.\n\n### PoC\nThe following program demonstrates the problem, using the two [SHAttered PDFs](https://shattered.io/):\n\n```rust\nuse sha1_checked::{CollisionResult, Digest};\n\nfn sha1_oid_of_file(filename: \u0026str) -\u003e gix::ObjectId {\n let mut hasher = gix::features::hash::hasher(gix::hash::Kind::Sha1);\n hasher.update(\u0026std::fs::read(filename).unwrap());\n gix::ObjectId::Sha1(hasher.digest())\n}\n\nfn sha1dc_oid_of_file(filename: \u0026str) -\u003e Result\u003cgix::ObjectId, String\u003e {\n // Matches Git\u2019s behaviour.\n let mut hasher = sha1_checked::Builder::default().safe_hash(false).build();\n hasher.update(\u0026std::fs::read(filename).unwrap());\n match hasher.try_finalize() {\n CollisionResult::Ok(digest) =\u003e Ok(gix::ObjectId::Sha1(digest.into())),\n CollisionResult::Mitigated(_) =\u003e unreachable!(),\n CollisionResult::Collision(digest) =\u003e Err(format!(\n \"Collision attack: {}\",\n gix::ObjectId::Sha1(digest.into()).to_hex()\n )),\n }\n}\n\nfn main() {\n dbg!(sha1_oid_of_file(\"shattered-1.pdf\"));\n dbg!(sha1_oid_of_file(\"shattered-2.pdf\"));\n dbg!(sha1dc_oid_of_file(\"shattered-1.pdf\"));\n dbg!(sha1dc_oid_of_file(\"shattered-2.pdf\"));\n}\n```\n\nThe output is as follows:\n\n```\n[src/main.rs:24:5] sha1_oid_of_file(\"shattered-1.pdf\") = Sha1(38762cf7f55934b34d179ae6a4c80cadccbb7f0a)\n[src/main.rs:25:5] sha1_oid_of_file(\"shattered-2.pdf\") = Sha1(38762cf7f55934b34d179ae6a4c80cadccbb7f0a)\n[src/main.rs:26:5] sha1dc_oid_of_file(\"shattered-1.pdf\") = Err(\n \"Collision attack: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a\",\n)\n[src/main.rs:27:5] sha1dc_oid_of_file(\"shattered-2.pdf\") = Err(\n \"Collision attack: 38762cf7f55934b34d179ae6a4c80cadccbb7f0a\",\n)\n```\n\nThe latter behaviour matches Git.\n\nSince the SHAttered PDFs are not in a valid format for Git objects, a direct proof\u2010of\u2010concept using higher\u2010level APIs cannot be immediately demonstrated without significant computational resources.\n\n### Impact\nAn attacker with the ability to mount a collision attack on SHA-1 like the [SHAttered](https://shattered.io/) or [SHA-1 is a Shambles](https://sha-mbles.github.io/) attacks could create two distinct Git objects with the same hash. This is becoming increasingly affordable for well\u2010resourced attackers, with the Shambles researchers in 2020 estimating $45k for a chosen\u2010prefix collision or $11k for a classical collision, and projecting less than $10k for a chosen\u2010prefix collision by 2025. The result could be used to disguise malicious repository contents, or potentially exploit assumptions in the logic of programs using gitoxide to cause further vulnerabilities.\n\nThis vulnerability affects any user of gitoxide, including `gix-*` library crates, that reads or writes Git objects.",
"id": "GHSA-2frx-2596-x5r6",
"modified": "2025-04-04T16:06:09Z",
"published": "2025-04-04T16:06:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-2frx-2596-x5r6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31130"
},
{
"type": "WEB",
"url": "https://github.com/GitoxideLabs/gitoxide/commit/4660f7a6f71873311f68f170b0f1f6659a02829d"
},
{
"type": "PACKAGE",
"url": "https://github.com/GitoxideLabs/gitoxide"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "gitoxide does not detect SHA-1 collision attacks"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.