CVE-2026-25727

EUVD-2026-5587
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
time_projecttime
0.3.6 ≤
𝑥
< 0.3.47
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rust-time
bookworm
no-dsa
bullseye
0.1.42-1
fixed
forky
0.3.47-1
fixed
sid
0.3.47-1
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
SLES16-Migration
suse enterprise desktop 15 SP7
2.1.30-15.26.4
fixed
suse enterprise sap 15 SP7
2.1.30-15.26.4
fixed
suse enterprise server 15 SP7
2.1.30-15.26.4
fixed
gdk-pixbuf-loader-rsvg
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
librsvg-2-2
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
librsvg-devel
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
python3-migration
suse enterprise desktop 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.21.1
fixed
snpguest
suse enterprise server 15 SP6
0.3.2-150600.3.9.1
fixed
suse-migration-pre-checks
suse enterprise desktop 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.21.1
fixed
suse-migration-scripts
suse enterprise desktop 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.21.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.21.1
fixed
suse-migration-sle16-activation
suse enterprise desktop 15 SP7
2.1.30-150700.15.13.1
fixed
suse enterprise sap 15 SP7
2.1.30-150700.15.13.1
fixed
suse enterprise server 15 SP7
2.1.30-150700.15.13.1
fixed
typelib-1_0-Rsvg-2_0
suse enterprise desktop 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise sap 15 SP7
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP4
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.52.12-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.57.4-150600.3.8.2
fixed
suse enterprise server 15 SP7
2.57.4-150600.3.8.2
fixed
virtiofsd
suse enterprise desktop 15 SP7
1.12.0-150700.3.3.1
fixed
suse enterprise sap 15 SP7
1.12.0-150700.3.3.1
fixed
suse enterprise server 15 SP6
1.10.1-150600.4.6.1
fixed
suse enterprise server 15 SP7
1.12.0-150700.3.3.1
fixed
wicked2nm
suse enterprise desktop 15 SP7
1.4.1-150700.15.16.1
fixed
suse enterprise sap 15 SP7
1.4.1-150700.15.16.1
fixed
suse enterprise server 15 SP7
1.4.1-150700.15.16.1
fixed
Common Weakness Enumeration
References
https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee
https://github.com/time-rs/time/releases/tag/v0.3.47
https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc