38 matches found

OSV
added 2026/05/13 8:31 a.m. | 4 views

CLSA-2026-1778661102 ruby: Fix of CVE-2023-28756

CVE-2023-28756: fix ReDoS in Time.rfc2822 by linearizing the RFC2822 parser regex in lib/time.rb to prevent quadratic backtracking on crafted invalid input...

CVSS 5.3 | AI score 6.6 | EPSS 0.02452
Exploits: 0 | References: 1
Tenable Nessus
added 2026/04/30 12:0 a.m. | 2 views

Amazon Linux 2023 : aws-nitro-tpm-tools (ALAS2023-2026-1610)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1610 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

CVSS 6.8 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/30 12:0 a.m. | 1 views

Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2026-1591)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1591 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

CVSS 6.8 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 4
SUSE Linux
added 2026/04/24 11:45 a.m. | 2 views

Security update for librsvg

This update for librsvg fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

CVSS 8.7 | AI score 5.3 | EPSS 0.00291
Exploits: 0 | References: 4
Amazon
added 2026/04/01 12:0 a.m. | 3 views

Low: rust-below

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

CVSS 6.8 | AI score 5.8 | EPSS 0.00291
Exploits: 0
OSV
added 2026/03/10 6:35 p.m. | 1 views

SUSE-SU-2026:20661-1 Security update for virtiofsd

This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257912...

CVSS 6.8 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 3
Amazon
added 2026/03/06 12:0 a.m. | 1 views

Low: thunderbird

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

CVSS 6.8 | AI score 5.8 | EPSS 0.00291
Exploits: 0
Tenable Nessus
added 2026/02/21 12:0 a.m. | 4 views

SUSE SLES15 / openSUSE 15 Security Update : snpguest (SUSE-SU-2026:0582-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0582-1 advisory. - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257927...

CVSS 6.8 | AI score 5.5 | EPSS 0.00291
Exploits: 0 | References: 4
OSV
added 2026/02/17 2:6 p.m. | 4 views

SUSE-SU-2026:20575-1 Security update for wicked2nm

This update for wicked2nm fixes the following issues: - Update to version 1.4.1 - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908...

CVSS 6.8 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 3
SUSE Linux
added 2026/02/13 2:32 p.m. | 5 views

Security update for cargo-auditable

This update for cargo-auditable fixes the following issues: Update to version 0.7.20. Security issues fixed: CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257906. Other updates and bugfixes: Update to version 0.7.20: mention cargo-dist...

CVSS 8.7 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 4
CVE
added 2026/02/06 7:20 p.m. | 35 views

CVE-2026-25727

CVE-2026-25727 affects the Rust time crate: versions 0.3.6 up to but not including 0.3.47 allow a denial of service via stack exhaustion when input is parsed as RFC 2822. The vulnerability relies on deprecated RFC 2822 features; a recursion-depth limit was introduced in 0.3.47, which now returns an ...

CVSS 6.8 | AI score 5.4 | EPSS 0.00291
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/02/05 5:57 p.m. | 2 views

time vulnerable to stack exhaustion Denial of Service attack

Impact: When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...

CVSS 6.8 | AI score 5.3 | EPSS 0.00291
Exploits: 0 | References: 7 | Affected Software: 1
RedHat Linux
added 2024/05/22 10:13 a.m. | 13 views

python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 | AI score 6.7 | EPSS 0.02507
Exploits: 1 | References: 5
RedHat Linux
added 2024/01/30 1:30 p.m. | 1 views

python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 | AI score 6.7 | EPSS 0.02507
Exploits: 1 | References: 5
Ubuntu
added 2023/12/12 12:15 p.m. | 69 views

USN-6550-1: PostfixAdmin vulnerabilities

It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. CVE-2022-29221 It was discovered that Moment.js, that is...

CVSS 8.8 | AI score 6.6 | EPSS 0.0454
Exploits: 2
OpenVAS
added 2023/03/08 12:0 a.m. | 15 views

Debian: Security Advisory (DLA-0011-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 6.7 | EPSS 0.03584
Exploits: 1 | References: 2
SUSE CVE
added 2023/02/15 5:32 a.m. | 3 views

SUSE CVE-2014-0477

The parse function in the Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address...

CVSS 5 | AI score 7.5 | EPSS 0.03584
Exploits: 1 | References: 3
Fedora
added 2019/01/18 2:14 a.m. | 26 views

[SECURITY] Fedora 29 Update: perl-Email-Address-1.912-1.fc29

This class implements a regex-based RFC 2822 parser that locates email addresses in strings and returns a list of Email::Address objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast...

CVSS 7.8 | AI score 2.4 | EPSS 0.03072
Exploits: 0
Fedora
added 2019/01/18 1:38 a.m. | 23 views

[SECURITY] Fedora 28 Update: perl-Email-Address-1.912-1.fc28

This class implements a regex-based RFC 2822 parser that locates email addresses in strings and returns a list of Email::Address objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast...

CVSS 7.8 | AI score 2.4 | EPSS 0.03072
Exploits: 0
seebug.org
added 2017/10/24 12:0 a.m. | 35 views

Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary: The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system...

AI score 7.7
Exploits: 0