Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as it directly passes the length to functions which accept a `size_t` length as parameter. The issue is fixed by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as it directly passes the length to functions which accept a `size_t` length as parameter. The issue is fixed by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834