CVE-2026-0810

EUVD-2026-4669
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
redhatCNA
6.8 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
gitoxidelabsgix-date
𝑥
< 0.12.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rust-gix-date
forky
vulnerable
sid
vulnerable
trixie
no-dsa
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-0810
https://bugzilla.redhat.com/show_bug.cgi?id=2427057
https://crates.io/crates/gix-date
https://github.com/GitoxideLabs/gitoxide/issues/2305
https://rustsec.org/advisories/RUSTSEC-2025-0140.html
https://github.com/GitoxideLabs/gitoxide/issues/2305