vulnerability

SUSE: CVE-2026-25727: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:N/I:N/A:C)	Feb 11, 2026	Feb 16, 2026	Feb 17, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

Feb 11, 2026

Added

Feb 16, 2026

Modified

Feb 17, 2026

Description

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.

Solution

suse-upgrade-cargo-auditable

References

CVE-2026-25727
https://attackerkb.com/topics/CVE-2026-25727
CWE-121
SUSE-SUSE-SU-2026:0452-1
SUSE-SUSE-SU-2026:0453-1
SUSE-SUSE-SU-2026:0470-1
SUSE-SUSE-SU-2026:0505-1
SUSE-SUSE-SU-2026:0506-1
SUSE-SUSE-SU-2026:0514-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today