CVE-2026-0810— Gix-date: gix-date: undefined behavior due to invalid string generation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0810
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gix-date: gix-date: undefined behavior due to invalid string generation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
多字节字符串长度的计算不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
gitoxide 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
gitoxide是Sebastian Thiel个人开发者的一个用 Rust 编写的 git 实现。 gix-date存在安全漏洞,该漏洞源于as_str函数可能生成无效非UTF-8字符串,可能导致应用程序不稳定。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GitoxideLabs | gitoxide | 0 ~ 0.12.0 | - | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Logging Subsystem for Red Hat OpenShift | - | cpe:/a:redhat:logging:5 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-0810
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0810
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: gitoxide
- CVE-2025-31130
gitoxide does not detect SHA-1 collision attacks - CVE-2025-22620
gix-worktree-state nonexclusive checkout sets executable fil - CVE-2024-45405
gix-path improperly resolves configuration path reported by - CVE-2024-45305
gix-path uses local config across repos when it is the highe - CVE-2024-43785
gitoxide-core does not neutralize special characters for ter
V. Comments for CVE-2026-0810
No comments yet