Vulnerability Description
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.
References
- https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2026-38639
- https://gitlab.redox-os.org/redox-os/relibc/-/issues/265
- https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/990
- https://gitlab.redox-os.org/redox-os/relibc/-/work_items/265
FAQ
What is CVE-2026-38639?
CVE-2026-38639 is a documented vulnerability. An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.
How severe is CVE-2026-38639?
CVSS scoring is not yet available for CVE-2026-38639. Check NVD for updates.
Is there a patch for CVE-2026-38639?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.