Description
gix-date can create non-utf8 string with TimeBuf::as_str
The function `gix_date::parse::TimeBuf::as_str` can return an invalid string containing non-UTF-8 bytes. This violates the safety invariant of `TimeBuf` and can lead to undefined behavior when the string is consumed.
The bug can be prevented by adding a `str::from_utf8` check to the function `TimeBuf::write`.
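The pattern behind this fix, as an added example that is not gix-date's code: a hypothetical `StampBuf` whose `as_str` skips validation, so its `write` has to reject non-UTF-8 input. The type name, the 32-byte capacity and the sample timestamp are assumptions constructed for illustration.

```rust
use std::io::{self, Write};
use std::str;

/// Hypothetical fixed-size buffer (illustration only, not gix-date's TimeBuf).
/// Invariant: `buf[..len]` is always valid UTF-8.
pub struct StampBuf {
    buf: [u8; 32],
    len: usize,
}

impl StampBuf {
    pub fn new() -> Self {
        StampBuf { buf: [0; 32], len: 0 }
    }

    /// Skips validation, so it is sound only while the invariant holds.
    pub fn as_str(&self) -> &str {
        // SAFETY: `write` is the only code that fills `buf`, and it admits valid UTF-8 only.
        unsafe { str::from_utf8_unchecked(&self.buf[..self.len]) }
    }
}

impl Write for StampBuf {
    fn write(&mut self, data: &[u8]) -> io::Result<usize> {
        // The check named in the advisory: without it, safe callers could
        // store arbitrary bytes and `as_str` would hand out an invalid `&str`.
        // Validating each chunk is conservative: a multi-byte character split
        // across two calls is rejected rather than accepted.
        str::from_utf8(data).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
        let end = self.len + data.len();
        if end > self.buf.len() {
            return Err(io::Error::new(io::ErrorKind::WriteZero, "buffer full"));
        }
        self.buf[self.len..end].copy_from_slice(data);
        self.len = end;
        Ok(data.len())
    }

    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

fn main() {
    let mut b = StampBuf::new();
    b.write_all(b"1735689600 +0100").unwrap(); // constructed sample timestamp
    assert!(b.write(&[0xff, 0xfe]).is_err()); // rejected, buffer unchanged
    println!("{}", b.as_str());
}
```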
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-0810
- https://github.com/GitoxideLabs/gitoxide/issues/2305
- https://github.com/GitoxideLabs/gitoxide/pull/2306
- https://github.com/GitoxideLabs/gitoxide/commit/76376ef5e97c63e108db0c9fe2eb096f4bfe70f7
- https://access.redhat.com/security/cve/CVE-2026-0810
- https://bugzilla.redhat.com/show_bug.cgi?id=2427057
- https://rustsec.org/advisories/RUSTSEC-2025-0140.html
Packages
gix-date
< 0.12.0
0.12.0
Related vulnerabilities
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.