CVE-2026-5448

X.509 date buffer overflow in wolfSSLX509notAfter / wolfSSLX509notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS...

symfony/ux-live-component Format-less date LiveProps parsed with the permissive DateTime constructor

More info at https://github.com/symfony/ux/security/advisories/GHSA-89g7-22c8-3j23...

Astra Linux - уязвимость в node-moment

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Versions of moment that were affected use an inefficient parsing algorithm. Specifically, the string-to-date parsing method used by moment more precisely, the rfc2822 parsing method, which is used by...

SUSE-SU-2026:21794-1 Security update for agama

This update for agama fixes the following issue - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257930. Changes for agama: - Update "time" crate to version 0.3.47...

libsoup3 security update

3.6.5-11 - Add patches for CVE-2026-4271 and CVE-2026-5119 3.6.5-10 - Add patch for CVE-2026-1761 3.6.5-9 - Fix CVE-2026-0719 3.6.5-8 - Fix CVE-2025-14523 3.6.5-7 - Add patch for CVE-2025-12105 3.6.5-6 - Fix integer overflow in date/time parsing 3.6.5-5 - Bump revision number 3.6.5-4 - Fix severa...

SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2026:1750-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1750-1 advisory. This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 28...

CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

GO-2026-4986 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

SUSE-SU-2026:1750-1 Security update for librsvg

This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...

Security update for librsvg

This update for librsvg fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

SUSE-SU-2026:1599-1 Security update for librsvg

This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...

openSUSE 16 Security Update : librsvg (openSUSE-SU-2026:20610-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20610-1 advisory. This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack...

SUSE-SU-2026:21377-1 Security update for librsvg

This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...

OPENSUSE-SU-2026:20610-1 Security update for librsvg

This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

EUVD-2026-21233

X.509 date buffer overflow in wolfSSLX509notAfter / wolfSSLX509notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLX509notAfter or wolfSSLX509notBefore functions when parsing date fields from a specially crafted X.509 certificate via the compatibility layer API. An attacker can cause a buffer overflow by...

CVE-2026-5448

X.509 date buffer overflow in wolfSSLX509notAfter / wolfSSLX509notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS...

Linux Distros Unpatched Vulnerability : CVE-2026-5448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 date buffer overflow in wolfSSLX509notAfter / wolfSSLX509notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate...

CVE-2026-5448

The CVE-2026-5448 entry describes a X.509 date buffer overflow in wolfSSL_X509_notAfter/notBefore triggered when parsing date fields via the compatibility layer API. The flaw may occur when an application directly calls these APIs; TLS handshake and certificate verification are not affected. Affe...