AZL-77091 CVE-2026-25727 affecting package rust 1.90.0-4

🗓️ 06 Feb 2026 20:16:11Reported by GoogleType

osv

osv🔗 osv.dev👁 2 Views

Rust time crate DoS via stack exhaustion on RFC 2822 input; depth limit added in 0.3.47.

Reporter	Title	Published	Views	Family All 358
IBM Security Bulletins	Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of the time crate (CVE-2026-25727)	8 May 202618:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727.	30 Mar 202607:20	–	ibm
ATTACKERKB	CVE-2026-25727	6 Feb 202619:20	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1445)	6 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1510)	1 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : below (ALAS2023-2026-1523)	1 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : cargo-c (ALAS2023-2026-1527)	1 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : amazon-efs-utils (ALAS2023-2026-1564)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2026-1591)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : aws-nitro-tpm-tools (ALAS2023-2026-1610)	30 Apr 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-25727

21 Apr 2026 04:34Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.5

CVSS 46.8

EPSS0.00016

SSVC

time crate denial of service stack exhaustion internet date format version 0.3.47 input parsing