Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AC:H because a specifically invalid GDateTime must be crafted through g_date_time_add_full and reached via a consuming app; A:L reflects a bounded 2-byte over-read causing at most conditional DoS; no C/I impact.
Primary rating from Vendor (redhat).
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.
Analysis (AI)
Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output and trigger logic errors that may cause denial of service when an application processes an invalid GDateTime produced by g_date_time_add_full(). It affects the GNOME GLib core utility library shipped across Red Hat Enterprise Linux 6 through 10, with fixes in GLib 2.88.1 and 2.86.5. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires that a GLib-consuming application (1) passes attacker-influenced values into g_date_time_add_full() such that an invalid/out-of-range GDateTime is produced, and (2) subsequently calls g_date_time_get_ymd() on that object to read the year/month/day. … |
| Risk Assessment | The signals are mixed and warrant nuance. … |
| Exploit Scenario | An application built on GLib accepts an attacker-influenced date/interval and performs date arithmetic with g_date_time_add_full(), producing an invalid GDateTime; when it then formats or reads the result via g_date_time_get_ymd(), the 2-byte over-read corrupts the computed year/month/day and can crash the process or cause it to misbehave. A proof-of-concept is reported by SSVC, and because the flow is automatable, an attacker could repeatedly submit malformed date inputs to a network-facing service to degrade availability. |
| Remediation | Vendor-released patch: upgrade GLib to 2.88.1 (or 2.86.5 for the 2.86.x branch), which fixes the out-of-bounds read; consult the upstream tracker at https://gitlab.gnome.org/GNOME/glib/-/issues/3917 and the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-58011 for distribution-packaged builds. … |
Recommended Action (AI)
24 hours: Inventory all RHEL 6-10 systems and identify applications with dependencies on GLib's GDateTime functionality. …
Weakness: CWE-125 – Out-of-bounds Read
Related identifiers: EUVD-2026-40313, GHSA-8xmh-8wfg-9f6j