The git_commit_message function in oid.c in libgit2-dev before 0.24.3 allow sremote attackers to cause a denial of service via acat-file command with a crafted object file.