JLSEC-2025-182 An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...

PT-2019-6258 · Libgit2 +3 · Libgit2 +3

Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 0.28.4 libgit2 versions 0.9x prior to 0.99.0 Description: The issue is related to the checkout.c component of libgit2, which mishandles equivalent filenames due to NTFS short names. This may allow a remote attacker t...