CVE-2026-0810 - Vulnerability Details - OpenCVE

No description is available for this CVE.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://crates.io/crates/gix-date
https://github.com/GitoxideLabs/gitoxide/issues/2305
https://nvd.nist.gov/vuln/detail/CVE-2026-0810
https://rustsec.org/advisories/RUSTSEC-2025-0140.html
https://www.cve.org/CVERecord?id=CVE-2026-0810

History

Fri, 16 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		gix-date: gix-date: Undefined behavior due to invalid string generation
Weaknesses		CWE-135
References		https://crates.io/crates/gix-date https://github.com/GitoxideLabs/gitoxide/issues/2305 https://nvd.nist.gov/vuln/detail/CVE-2026-0810 https://rustsec.org/advisories/RUSTSEC-2025-0140.html https://www.cve.org/CVERecord?id=CVE-2026-0810
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}` threat_severity `Moderate`

MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2025-12-29T12:00:00Z

Links: CVE-2026-0810 - Bugzilla

{"bugzilla": {"description": "gix-date: gix-date: Undefined behavior due to invalid string generation", "id": "2427057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427057"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-135", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-0810", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/cluster-logging-operator-bundle", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/cluster-logging-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/eventrouter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/fluentd-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/log-file-metric-exporter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/logging-view-plugin-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "openshift-logging/vector-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "rust-toolset:rhel8/rust", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-29T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0810\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0810\nhttps://crates.io/crates/gix-date\nhttps://github.com/GitoxideLabs/gitoxide/issues/2305\nhttps://rustsec.org/advisories/RUSTSEC-2025-0140.html"], "statement": "This vulnerability is rated Moderate for Red Hat products. A flaw in the `gix-date` library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availability as it eventually may lead to the software using the gix_date library to crash.", "threat_severity": "Moderate"}