HIGHCVE-2026-0810Published Modified CNA redhat
CVE-2026-0810: Gix-date: gix-date: undefined behavior due to invalid string generation
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
Metrics
- CVSS v3.1
- 7.1
- Severity
- HIGH
- Fixed in
- 0.12.0
- Affected Products
- 11
Fix available
0.12.0
Affected packages
- GitoxideLabs / gitoxide< 0.12.0 (from 0)
- Red Hat / Logging Subsystem for Red Hat OpenShift
- Red Hat / Logging Subsystem for Red Hat OpenShift
- Red Hat / Logging Subsystem for Red Hat OpenShift
- Red Hat / Logging Subsystem for Red Hat OpenShift
- Red Hat / Logging Subsystem for Red Hat OpenShift
- Red Hat / Logging Subsystem for Red Hat OpenShift
- Red Hat / Logging Subsystem for Red Hat OpenShift
- Red Hat / Red Hat Enterprise Linux 10
- Red Hat / Red Hat Enterprise Linux 8
- Red Hat / Red Hat Enterprise Linux 9
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H