GHSA-8rgq-m2pm-jvmg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8rgq-m2pm-jvmg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-8rgq-m2pm-jvmg/GHSA-8rgq-m2pm-jvmg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8rgq-m2pm-jvmg
- Withdrawn
- 2026-01-27T22:22:39Z
- Published
- 2026-01-26T21:30:36Z
- Modified
- 2026-02-03T03:07:15.414323Z
- Severity
-
- 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str`
- Details
-
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6mw6-mj76-grwc. This link is maintained to preserve external references.
Original Description
A flaw was found in gix-date. The
gix_date::parse::TimeBuf::as_strfunction can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of theTimeBufcomponent, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences. - Database specific
{ "nvd_published_at": "2026-01-26T20:16:09Z", "github_reviewed_at": "2026-01-27T22:22:39Z", "github_reviewed": true, "cwe_ids": [ "CWE-787" ], "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2026-0810
- https://github.com/GitoxideLabs/gitoxide/issues/2305
- https://access.redhat.com/security/cve/CVE-2026-0810
- https://bugzilla.redhat.com/show_bug.cgi?id=2427057
- https://crates.io/crates/gix-date
- https://github.com/GitoxideLabs/gitoxide
- https://rustsec.org/advisories/RUSTSEC-2025-0140.html
Affected packages
crates.io / gix-date
Package
- Name
- gix-date
- View open source insights on deps.dev
- Purl
- pkg:cargo/gix-date