CVE-2026-25727

EUVD-2026-5587
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
time_projecttime
0.3.6 ≤
𝑥
< 0.3.47
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rust-time
bookworm
no-dsa
bullseye
0.1.42-1
fixed
forky
0.3.47-1
fixed
sid
0.3.47-1
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
SLES16-Migration
suse enterprise desktop 15 SP7
2.1.30-15.26.4
fixed
suse enterprise sap 15 SP7
2.1.30-15.26.4
fixed
suse enterprise server 15 SP7
2.1.30-15.26.4
fixed
gdk-pixbuf-loader-rsvg
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
librsvg-2-2
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
librsvg-devel
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
python3-migration
suse enterprise desktop 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.21.1
fixed
snpguest
suse enterprise server 15 SP6
0.3.2-150600.3.9.1
fixed
suse-migration-pre-checks
suse enterprise desktop 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.21.1
fixed
suse-migration-scripts
suse enterprise desktop 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.21.1
fixed
suse-migration-sle16-activation
suse enterprise desktop 15 SP7
2.1.30-150700.15.13.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.13.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.13.1
fixed
typelib-1_0-Rsvg-2_0
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
virtiofsd
suse enterprise desktop 15 SP7
1.12.0-150700.3.3.1
fixed
suse enterprise sap 15 SP7
1.12.0-150700.3.3.1
fixed
suse enterprise server 15 SP6
1.10.1-150600.4.6.1
fixed
suse enterprise server 15 SP7
1.12.0-150700.3.3.1
fixed
wicked2nm
suse enterprise desktop 15 SP7
1.4.1-150700.15.16.1
fixed
suse enterprise sap 15 SP7
1.4.1-150700.15.16.1
fixed
suse enterprise server 15 SP7
1.4.1-150700.15.16.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-efs-utils
Amazon Linux 2
0:3.0.0-4.amzn2
fixed
Amazon Linux 2023
0:3.0.0-4.amzn2023
fixed
aws-nitro-tpm-tools
Amazon Linux 2023
0:1.1.1-1.amzn2023
fixed
below
Amazon Linux 2023
0:0.11.0-1.amzn2023.0.2
fixed
below-debuginfo
Amazon Linux 2023
0:0.11.0-1.amzn2023.0.2
fixed
cargo-c
Amazon Linux 2023
0:0.10.19-1.amzn2023.0.1
fixed
cargo-c-debuginfo
Amazon Linux 2023
0:0.10.19-1.amzn2023.0.1
fixed
firefox
Amazon Linux 2023
0:140.7.0-1.amzn2023.0.4
fixed
firefox-debuginfo
Amazon Linux 2023
0:140.7.0-1.amzn2023.0.4
fixed
firefox-debugsource
Amazon Linux 2023
0:140.7.0-1.amzn2023.0.4
fixed
librsvg2
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
librsvg2-debuginfo
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
librsvg2-debugsource
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
librsvg2-devel
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
librsvg2-tools
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
librsvg2-tools-debuginfo
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
mount-s3
Amazon Linux 2023
0:1.22.2-1.amzn2023
fixed
mount-s3-debuginfo
Amazon Linux 2023
0:1.22.2-1.amzn2023
fixed
mount-s3-debugsource
Amazon Linux 2023
0:1.22.2-1.amzn2023
fixed
rsvg-pixbuf-loader
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
rsvg-pixbuf-loader-debuginfo
Amazon Linux 2023
0:2.59.2-318.amzn2023
fixed
rust-below-debugsource
Amazon Linux 2023
0:0.11.0-1.amzn2023.0.2
fixed
rust-cargo-c-debugsource
Amazon Linux 2023
0:0.10.19-1.amzn2023.0.1
fixed
thunderbird
Amazon Linux 2
0:140.7.1-1.amzn2.0.3
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
azl-compliance
CBL-Mariner 2.0
0:1.0.2-3.cm2
fixed
kata-containers
Azure Linux 3.0
0:3.19.1.kata2-5.azl3
fixed
rust
Azure Linux 3.0
0:1.75.0-27.azl3
fixed
CBL-Mariner 2.0
0:1.72.0-15.cm2
fixed