RUSTSEC-2026-0183

ADVISORY - rustsec

Summary

When calling Remote::list() for a remote of a git repository, when that remote does not advertise any references, git2 passes a null pointer to the unsafe function slice::from_raw_parts(). Based on the safety section documentation of function, data must be non-null even for slices of length zero. Thus, the use of a null pointer leads to undefined behavior.

Common Weakness Enumeration (CWE)

Impacted images

Advisories

RustSec

CREATED

1 month ago

UPDATED

10 hours ago

ADVISORY IDRUSTSEC-2026-0183⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
git2	cargo	-	-	<0.21.0	0.21.0

Severity and metrics

No CVSS data available from this advisory.