CVE-2026-0810 — Incorrect Calculation of Multi-Byte String Length in Gix-date

CWE-135 — Incorrect Calculation of Multi-Byte String Length CWE-682 — Incorrect Calculation CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 99.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitoxidelabs Gitoxide Gitoxidelabs Gix-date Debian Rust-gix-date

Timeline

PublishedJan 26

Description

A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDgitoxidelabs/gix-date< 0.12.0

▶crates.iogitoxidelabs/gix-date0.0.0-0 — 0.12.0+1

▶debiandebian/rust-gix-date

▶CVEListV5gitoxidelabs/gitoxide< 0.12.0

🔴Vulnerability Details

OSV

CVE-2026-0810: A flaw was found in gix-date↗2026-01-26

▶

GHSA

gix-date can create non-utf8 string with `TimeBuf::as_str`↗2026-01-05

▶

OSV

gix-date can create non-utf8 string with `TimeBuf::as_str`↗2026-01-05

▶

OSV

Non-utf8 String can be created with `TimeBuf::as_str`↗2025-12-29

▶

📋Vendor Advisories

Debian

CVE-2026-0810: rust-gix-date - A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function ca...↗2026

▶

Red Hat

gix-date: gix-date: Undefined behavior due to invalid string generation↗2025-12-29

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0810 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶