7.1
CVE-2026-0810
- EPSS 0.01%
- Veröffentlicht 26.01.2026 19:36:45
- Zuletzt bearbeitet 26.02.2026 16:23:35
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Gix-date: gix-date: undefined behavior due to invalid string generation
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gitoxidelabs ≫ Gix-date SwPlatformrust Version < 0.12.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.003 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-135 Incorrect Calculation of Multi-Byte String Length
The product does not correctly calculate the length of strings that can contain wide or multi-byte characters.
CWE-682 Incorrect Calculation
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.