GHSA-j39j-6gw9-jw6h

Опубликовано: 04 фев. 2026

Источник: github

Github: Прошло ревью

CVSS4: 2.7

Описание

git2 has potential undefined behavior when dereferencing Buf struct

If the Buf struct is dereferenced immediately after calling new() or default() on the Buf struct, a null pointer is passed to the unsafe function slice::from_raw_parts. According to the safety section documentation of the function, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passing a null pointer will lead to undefined behavior.

Ссылки

https://github.com/rust-lang/git2-rs/issues/1211
https://github.com/rust-lang/git2-rs/pull/1213
https://github.com/rust-lang/git2-rs/commit/9e160f15bd056f82143109bb330573381e5de719
https://rustsec.org/advisories/RUSTSEC-2026-0008.html

Пакеты

Наименование

git2

rust

Затронутые версииВерсия исправления

< 0.20.4

0.20.4

2.7 Low

CVSS4

Дефекты

CWE-476

2.7 Low

CVSS4

Дефекты

CWE-476