{"id":"RUSTSEC-2026-0008","summary":"Potential undefined behavior when dereferencing Buf struct","details":"if we dereference the Buf struct right after calling new() or default() on Buf struct, it passes Null Pointer to the unsafe function slice::from_raw_parts. Based on the safety section documentation of function,\ndata must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passing Null Pointer will lead to undefined behavior.","aliases":["GHSA-j39j-6gw9-jw6h"],"modified":"2026-02-05T06:56:18.869923Z","published":"2026-02-02T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/git2"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0008.html"},{"type":"WEB","url":"https://github.com/rust-lang/git2-rs/pull/1213"}],"affected":[{"package":{"name":"git2","ecosystem":"crates.io","purl":"pkg:cargo/git2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.20.4"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"cvss":null,"informational":"unsound","categories":["memory-corruption"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0008.json"}}],"schema_version":"1.7.3"}