GHSA-8rgq-m2pm-jvmg: Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str`
(updated )
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6mw6-mj76-grwc. This link is maintained to preserve external references.
Original Description
A flaw was found in gix-date. The gix_date::parse::TimeBuf::as_str function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.
References
- access.redhat.com/security/cve/CVE-2026-0810
- bugzilla.redhat.com/show_bug.cgi?id=2427057
- crates.io/crates/gix-date
- github.com/GitoxideLabs/gitoxide
- github.com/GitoxideLabs/gitoxide/issues/2305
- github.com/advisories/GHSA-8rgq-m2pm-jvmg
- nvd.nist.gov/vuln/detail/CVE-2026-0810
- rustsec.org/advisories/RUSTSEC-2025-0140.html
Code Behaviors & Features
Detect and mitigate GHSA-8rgq-m2pm-jvmg with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →