RUSTSEC-2026-0008

Source
https://rustsec.org/advisories/RUSTSEC-2026-0008
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0008.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0008
Aliases
Published
2026-02-02T12:00:00Z
Modified
2026-02-05T06:56:18.869923Z
Summary
Potential undefined behavior when dereferencing Buf struct
Details

If we dereference the Buf struct right after calling new() or default() on it, a null pointer is passed to the unsafe function slice::from_raw_parts. According to the safety section of that function's documentation, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passing a null pointer leads to undefined behavior.
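
The pattern described above next to one way to guard it, as an added example that is not code from git2 or from the advisory. The Buf struct here, its fields, and the borrowed() and as_slice_unchecked() helpers are hypothetical stand-ins for an FFI-filled buffer.

```rust
use std::ops::Deref;
use std::slice;

/// Hypothetical stand-in for an FFI-owned buffer; not git2's real type.
pub struct Buf {
    ptr: *const u8, // stays null until the C side fills the buffer
    len: usize,
}

impl Buf {
    /// State right after new()/default(): null pointer, zero length.
    pub fn new() -> Buf {
        Buf { ptr: std::ptr::null(), len: 0 }
    }

    /// Constructed helper: point the buffer at static bytes, standing in
    /// for the C library having written into it.
    pub fn borrowed(bytes: &'static [u8]) -> Buf {
        Buf { ptr: bytes.as_ptr(), len: bytes.len() }
    }

    /// Unsound pattern: forwards the pointer without a null check.
    /// On Buf::new() this hands null to from_raw_parts, which is UB
    /// even though len is 0. Only call it on a filled buffer.
    pub unsafe fn as_slice_unchecked(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(self.ptr, self.len) }
    }
}

impl Deref for Buf {
    type Target = [u8];

    /// Guarded form: a null pointer maps to the empty slice, so
    /// from_raw_parts only ever sees a non-null pointer.
    fn deref(&self) -> &[u8] {
        if self.ptr.is_null() {
            return &[];
        }
        // SAFETY: ptr is non-null and points at len readable bytes.
        unsafe { slice::from_raw_parts(self.ptr, self.len) }
    }
}

fn main() {
    let empty = Buf::new();
    println!("fresh buffer length: {}", empty.len());
    let full = Buf::borrowed(b"refs/heads/main"); // constructed sample input
    println!("filled buffer: {:?}", std::str::from_utf8(&full));
}
```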

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / git2

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.20.4

Ecosystem specific

{
    "affects": {
        "functions": [],
        "os": [],
        "arch": []
    },
    "affected_functions": null
}

Database specific

source
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0008.json"
informational
"unsound"
categories
[
    "memory-corruption"
]
cvss
null