GHSA-22q8-ghmq-63vf: libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2

February 12, 2024

The libgit2 project fixed three security issues in the 1.7.2 release. These issues are:

References

github.com/advisories/GHSA-22q8-ghmq-63vf
github.com/rust-lang/git2-rs
github.com/rust-lang/git2-rs/commit/9e57876be78924c1e5f3f268bb599e3981fe58bb
github.com/rust-lang/git2-rs/pull/1017
rustsec.org/advisories/RUSTSEC-2024-0013.html

Code Behaviors & Features

Detect and mitigate GHSA-22q8-ghmq-63vf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →