CVE-2026-0810
HIGH
GHSA-6mw6-mj76-grwc
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
4Description
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
Analysis
The gix-date library's TimeBuf component can produce invalid UTF-8 strings that corrupt its internal safety mechanisms, triggering undefined behavior in downstream processing. This local privilege escalation vulnerability affecting gix-date has public exploit code available and can cause application crashes or unexpected behavior when a local attacker supplies malformed input. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems and applications using gix-date library and assess exposure; document findings and alert relevant teams. Within 7 days: Implement input validation and sanitization controls; restrict date/time parsing to trusted sources only; monitor for exploit attempts. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today