CVE Catalog

CVE-2026-38639

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

A vulnerability in the parse_month function (/time/strptime.rs) of relibc (commit ab6a2e) allows an attacker to cause a Denial of Service (DoS) by parsing a crafted input.

Risk Assessment

An attacker can remotely crash applications using relibc, leading to service disruption and potential financial losses.

Recommendation

Update relibc to a patched version or implement input validation before passing data to the parse_month function as a temporary workaround.

Original NVD description (English source)

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS