Advisories for Pypi/Pygit2 package

2020

Improper Input Validation

An issue was discovered in libgit2, which is used by pygit2 package: path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository.

2018

Out-of-bounds Read

In the library libgit2, which is used by pygit2, a remote attacker can send a crafted smart-protocol ng packet that lacks a \0 byte to trigger an out-of-bounds read leading to a DoS.

Out-of-bounds Read

The libgit2 library, which is used by pygit2, is vulnerable to an integer overflow that leads to an out-of-bounds read. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.