VYPR
Moderate severityOSV Advisory· Published Jan 26, 2026· Updated Apr 20, 2026

Gix-date: gix-date: undefined behavior due to invalid string generation

CVE-2026-0810

Description

A flaw was found in gix-date. The gix_date::parse::TimeBuf::as_str function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
gix-datecrates.io
< 0.12.00.12.0

Affected products

10

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.