OPENSUSE-SU-2026:20753-1 Security update for agama

This update for agama fixes the following issue - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257930. Changes for agama: - Update "time" crate to version 0.3.47...

Amazon Linux 2023 : aws-nitro-tpm-tools (ALAS2023-2026-1610)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1610 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

EUVD-2026-20853

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-5842

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-5842

CVE-2026-5842 concerns decolua 9router (≤0.3.47) where the Administrative API Endpoint under /api can bypass authorization. The root cause is described as an unauthorized access vulnerability in an unknown function of the API endpoint, exploitable remotely. Public disclosure has occurred and the ...

SUSE CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

AZL-77087 CVE-2026-25727 affecting package rust 1.75.0-25

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

AZL-77091 CVE-2026-25727 affecting package rust 1.90.0-4

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

AZL-77030 CVE-2026-25727 affecting package librsvg2 2.58.1-5

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

CVE-2026-25727 time affected by a stack exhaustion denial of service attack

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

CVE-2026-25727

CVE-2026-25727 affects the Rust time crate: versions 0.3.6 up to but not including 0.3.47 allow a denial-of-service via stack exhaustion when input parsed as RFC 2822. The vulnerability relies on deprecated RFC 2822 features; a recursion-depth limit was introduced in 0.3.47, which now returns an ...

GHSA-R6V5-FH4H-64XC time vulnerable to stack exhaustion Denial of Service attack

Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...

PT-2026-6659

Name of the Vulnerable Software and Affected Versions time versions 0.3.6 through 0.3.46 rust-keylime versions prior to 0.2.8+116 python-uv-build versions prior to 0.10.2 SCCache versions prior to 0.13.0 Description The time crate provides date and time handling in Rust. Versions 0.3.6 through...