Bug 2437727 (CVE-2026-25727)
| Summary: | CVE-2026-25727 time: time affected by a stack exhaustion denial of service attack | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | anpicker, anthomas, bbrownin, bdettelb, bparees, brasmith, cochase, dbosanac, derez, doconnor, dranck, dschmidt, ebourniv, ehelms, erezende, ggainey, gotiwari, hasun, jcantril, jfula, jgrulich, jhorak, jkoehler, jowilson, jreimann, juwatts, kshier, lball, lgallett, lphiri, mattdavi, mdessi, mhulan, mrizzi, mvyas, ngough, nmoumoul, nyancey, ometelka, osousa, pcattana, pcreech, ptisnovs, rchan, rojacob, sbunciak, sdawley, smallamp, smcdonal, stcannon, syedriko, teagle, tmalecek, tpopela, veshanka, xdharmai, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A stack exhaustion flaw has been discovered in the rust time crate. When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2438031, 2438034, 2438035, 2438037, 2438038, 2438042, 2438044, 2438047, 2438048, 2438049, 2438050, 2438051, 2438052, 2438053, 2438054, 2438055, 2438056, 2438057, 2438058, 2438059, 2438060, 2438061, 2438062, 2438063, 2438064, 2438065, 2438066, 2438067, 2438068, 2438069, 2438071, 2438072, 2438073, 2438074, 2438078, 2438079, 2438081, 2438082, 2438084, 2438089, 2438092, 2438094, 2438095, 2438096, 2438099, 2438101, 2438105, 2438106, 2438107, 2438108, 2438109, 2438110, 2438111, 2438113, 2438114, 2438115, 2438116, 2438117, 2438118, 2438119, 2438120, 2438121, 2438122, 2438123, 2438124, 2438125, 2438126, 2438127, 2438128, 2438129, 2438131, 2438132, 2438133, 2438134, 2438139, 2438140, 2438143, 2438144, 2438147, 2438159, 2438161, 2438162, 2438163, 2438166, 2438168, 2438032, 2438033, 2438036, 2438039, 2438040, 2438041, 2438043, 2438045, 2438046, 2438070, 2438075, 2438076, 2438077, 2438080, 2438083, 2438085, 2438086, 2438087, 2438088, 2438090, 2438091, 2438093, 2438097, 2438098, 2438100, 2438102, 2438103, 2438104, 2438130, 2438135, 2438136, 2438137, 2438138, 2438141, 2438142, 2438145, 2438146, 2438148, 2438149, 2438150, 2438152, 2438154, 2438156, 2438158, 2438160, 2438164, 2438165, 2438167, 2438169 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-02-09 11:02:33 UTC
|