—

RUSTSEC-2026-0008

Potential undefined behavior when dereferencing Buf struct

Details

if we dereference the Buf struct right after calling new() or default() on Buf struct, it passes Null Pointer to the unsafe function slice::from_raw_parts. Based on the safety section documentation of function, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passing Null Pointer will lead to undefined behavior.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / git2

Introduced in: 0.0.0-0 Fixed in: 0.20.4

Upgrade git2 to 0.20.4 or newer (ecosystem crates.io).

References

https://crates.io/crates/git2 [PACKAGE]
https://rustsec.org/advisories/RUSTSEC-2026-0008.html [ADVISORY]
https://github.com/rust-lang/git2-rs/pull/1213 [WEB]