PT-2026-6659 · Unknown · Email-Validator
Kroemeke · Published 2026-01-01 · Updated 2026-04-24 · CVE-2026-25727
CVSS v4.0: 6.8 (Medium)
Vector: AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Name of the Vulnerable Software and Affected Versions
time versions 0.3.6 through 0.3.46
rust-keylime versions prior to 0.2.8+116
python-uv-build versions prior to 0.10.2
SCCache versions prior to 0.13.0
Description
The time crate provides date and time handling in Rust. Versions 0.3.6 through 0.3.46 are susceptible to a denial of service attack via stack exhaustion when parsing user-provided input using the RFC 2822 format. This attack exploits formally deprecated and rarely-used features within the RFC 2822 format. The rust-keylime project includes a dependency on the 'time' crate and is therefore affected by this issue. Additionally, a heap overflow exists in SCCache 0.13.0 and earlier, potentially allowing attackers to inject persistent malware into the Rust/C++ build cache. A denial of service condition also exists in python-uv-build versions prior to 0.10.2, resulting from stack exhaustion.
Recommendations
Upgrade time to version 0.3.47 or later.
Upgrade rust-keylime to version 0.2.8+116 or later.
Upgrade python-uv-build to version 0.10.2 or later.
Upgrade SCCache to version 0.13.0 or later.
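One way to check a project against the affected range above, as an added example (not code from this advisory or from the time project): it scans Cargo.lock text for locked `time` versions from 0.3.6 through 0.3.46. The function names and the sample lockfile are constructed for illustration, and pre-release or build suffixes are ignored when comparing versions.

```rust
// Added example: find locked `time` versions in the advisory's affected range
// (0.3.6 through 0.3.46). All function names here are hypothetical.
/// Parse "MAJOR.MINOR.PATCH", ignoring any -pre or +build suffix.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

fn is_affected(v: &str) -> bool {
    matches!(parse_version(v), Some(t) if t >= (0, 3, 6) && t <= (0, 3, 46))
}

/// Extract the value from a `key = "value"` line, if it has that shape.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Return every `time` version in Cargo.lock text that is in the affected range.
fn affected_time_versions(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let (mut name, mut version) = (String::new(), String::new());
    // The trailing sentinel header flushes the last [[package]] entry.
    for line in lockfile.lines().chain(std::iter::once("[[package]]")) {
        let line = line.trim();
        if line == "[[package]]" {
            if name == "time" && is_affected(&version) {
                hits.push(version.clone());
            }
            name.clear();
            version.clear();
        } else if let Some(v) = quoted_value(line, "name") {
            name = v.to_string();
        } else if let Some(v) = quoted_value(line, "version") {
            version = v.to_string();
        }
    }
    hits
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"time\"\nversion = \"0.3.41\"\n\
[[package]]\nname = \"time\"\nversion = \"0.3.47\"\n\
[[package]]\nname = \"time-core\"\nversion = \"0.1.2\"\n";

fn main() {
    println!("{:?}", affected_time_versions(SAMPLE_LOCK));
}
```

A lockfile can hold several `time` versions at once, so every `[[package]]` entry is checked rather than only the first match.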
Exploit
Fix
DoS
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Email-Validator