CVE-2026-25727
published 2026-02-06
Priority P4 · 32 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.29% (20.8th percentile)
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rust-time | < rust-time 0.3.47-1 (forky) | rust-time 0.3.47-1 (forky) |
| time-rs | time | — | — |
| time_project | time | >= 0.3.6 < 0.3.47 | 0.3.47 |
| time_project | time | >= 0.3.6 < 0.3.47 | 0.3.47 |
CVSS provenance
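| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 6.8 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |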
Red Hat
time: time affected by a stack exhaustion denial of service attack
vendor_redhat·2026-02-06·CVSS 6.8
CVE-2026-25727 [MEDIUM] CWE-770 time: time affected by a stack exhaustion denial of service attack
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
A stack exhaustion flaw has been discovered in the rust time crate. When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service a
Debian
CVE-2026-25727: rust-time - time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when ...
vendor_debian·2026·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727: rust-time - time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when ...
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
Scope: local
bookworm: open
bullseye: resolved
forky: resolved (fixed in 0.3.47-1)
sid: resolved (fixed in 0.3.47-1)
trixie: open
OSV
CVE-2026-25727: time provides date and time handling in Rust
osv·2026-02-06·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727: time provides date and time handling in Rust
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
OSV
time vulnerable to stack exhaustion Denial of Service attack
osv·2026-02-05
CVE-2026-25727 [MEDIUM] time vulnerable to stack exhaustion Denial of Service attack
### Impact
When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
### Patches
A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
### Workarounds
Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of the stack consumed would be at most a factor of the length of the input.
Alternatively, avoiding the format altoget
OSV
Denial of Service via Stack Exhaustion
osv·2026-02-05
CVE-2026-25727 Denial of Service via Stack Exhaustion
## Impact
When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
service attack via stack exhaustion is possible. The attack relies on formally deprecated and
rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
non-malicious input will never encounter this scenario.
## Patches
A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
rather than exhausting the stack.
## Workarounds
Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
the stack consumed would be at most a factor of the length of the input.
GHSA
time vulnerable to stack exhaustion Denial of Service attack
ghsa·2026-02-05
CVE-2026-25727 [MEDIUM] CWE-121 time vulnerable to stack exhaustion Denial of Service attack
### Impact
When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
### Patches
A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
### Workarounds
Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of the stack consumed would be at most a factor of the length of the input.
Alternatively, avoiding the format altoget
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-25727 cosmic-idle: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-idle: time affected by a stack exhaustion denial of service attack [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained versi
Bugzilla
CVE-2026-25727 bpfman: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 bpfman: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-launcher: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-launcher: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-greeter: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-greeter: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 trunk: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 trunk: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 aw-server-rust: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 aw-server-rust: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 fido-device-onboard: time affected by a stack exhaustion denial of service attack [fedora-43]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 fido-device-onboard: time affected by a stack exhaustion denial of service attack [fedora-43]
Discussion:
Proposed as a Freeze Exception for 44-final by Fedora user pbrobinson using the blocker tracking app because:
Plus 2449677. Included in IoT Edition as a default package so would like to fix CVE-2026-25727, CVE-2026-33056 for GA images.
---
FEDORA-2026-9e223ca14f (fido-device-onboard-0.5.5-8.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-9e223ca14f
---
FEDORA-2026-e6237c2efe (fido-device-
Bugzilla
CVE-2026-25727 thunderbird: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 thunderbird: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [fedora-43]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [fedora-43]
Discussion:
FEDORA-2026-264f9ef567 (vaultwarden-1.36.0-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-264f9ef567
Bugzilla
CVE-2026-25727 rizin: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 rizin: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-settings-daemon: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-settings-daemon: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-term: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-term: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 pop-launcher: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 pop-launcher: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-initial-setup: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-initial-setup: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-edit: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-edit: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 awatcher: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 awatcher: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-osd: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-osd: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 fragments: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 fragments: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 tree-sitter: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 tree-sitter: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 hyfetch: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 hyfetch: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-settings: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-settings: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 cosmic-app-library: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 cosmic-app-library: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 firefox: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
CVE-2026-25727 [MEDIUM] CVE-2026-25727 firefox: time affected by a stack exhaustion denial of service attack [fedora-42]
Bugzilla
CVE-2026-25727 selenium-manager: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [epel-9]
bugzilla·2026-02-09·CVSS 6.8
Discussion:
FEDORA-EPEL-2026-759c8b25a3 (vaultwarden-1.36.0-1.el9) has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-759c8b25a3
---
FEDORA-EPEL-2026-759c8b25a3 has been pushed to the Fedora EPEL 9 testing repository.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-759c8b25a3
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on
Bugzilla
CVE-2026-25727 gst-devtools: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 mozjs115: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [epel-10]
bugzilla·2026-02-09·CVSS 6.8
Discussion:
FEDORA-EPEL-2026-d5e54be3b9 (vaultwarden-1.36.0-1.el10_3) has been submitted as an update to Fedora EPEL 10.3.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d5e54be3b9
---
FEDORA-EPEL-2026-d857066999 (vaultwarden-1.36.0-1.el10_2) has been submitted as an update to Fedora EPEL 10.2.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d857066999
---
FEDORA-EPEL-2026-d857066999 has been pushed to the Fedora EPEL 10.2 testing repository.
You
Bugzilla
CVE-2026-25727 cosmic-store: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 icecat: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 fractal: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 cosmic-comp: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 trustee-guest-components: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 php-williamdes-mariadb-mysql-kbs: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 cosmic-applets: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 cosmic-files: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 cosmic-workspaces: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 kata-containers: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 xdg-desktop-portal-cosmic: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 mingw-librsvg2: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 fapolicy-analyzer: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Bugzilla
CVE-2026-25727 cosmic-player: time affected by a stack exhaustion denial of service attack [fedora-42]
bugzilla·2026-02-09·CVSS 6.8
Wiz
CVE-2026-25727 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
## CVE-2026-25727: Rust vulnerability analysis and mitigation
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
Source: NVD
- Score: 6.8
- Published: February 6, 2026
- Severity: MEDIUM
- CNA Score: 6.8
- Affected Technologies: Rust, NixOS
- Has Public Exploit: No
- Has CISA KEV Exploit: No
CISA
2026-02-06
Published