Moderate severityOSV Advisory· Published Jan 26, 2026· Updated Apr 20, 2026
Gix-date: gix-date: undefined behavior due to invalid string generation
CVE-2026-0810
Description
A flaw was found in gix-date. The gix_date::parse::TimeBuf::as_str function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gix-datecrates.io | < 0.12.0 | 0.12.0 |
Affected products
10- osv-coords9 versionspkg:apk/chainguard/cargo-auditpkg:apk/chainguard/cargo-cpkg:apk/chainguard/jujutsupkg:apk/chainguard/starshippkg:apk/chainguard/watchexecpkg:apk/wolfi/cargo-auditpkg:apk/wolfi/cargo-cpkg:apk/wolfi/starshippkg:cargo/gix-date
< 0.22.1-r0+ 8 more
- (no CPE)range: < 0.22.1-r0
- (no CPE)range: < 0.10.21-r0
- (no CPE)range: < 0.37.0-r0
- (no CPE)range: < 1.25.0-r0
- (no CPE)range: < 2.3.3-r0
- (no CPE)range: < 0.22.1-r0
- (no CPE)range: < 0.10.21-r0
- (no CPE)range: < 1.25.0-r0
- (no CPE)range: < 0.12.0
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-6mw6-mj76-grwcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-0810ghsaADVISORY
- access.redhat.com/security/cve/CVE-2026-0810ghsavdb-entryx_refsource_REDHATWEB
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
- github.com/GitoxideLabs/gitoxide/commit/76376ef5e97c63e108db0c9fe2eb096f4bfe70f7ghsaWEB
- github.com/GitoxideLabs/gitoxide/issues/2305ghsaWEB
- github.com/GitoxideLabs/gitoxide/pull/2306ghsaWEB
- rustsec.org/advisories/RUSTSEC-2025-0140.htmlghsaWEB
- crates.io/crates/gix-datemitre
News mentions
0No linked articles in our index yet.