Impact
An issue in the parse_month function of the relibc library allows an attacker to cause a denial of service by feeding a specially crafted date string to the parser. The flaw arises during month parsing and can lead to a crash or infinite loop, halting the component that relies on this routine. Because the function can be invoked with user-supplied data, the impact is a disruption of service continuity rather than a direct compromise of confidentiality or integrity.
Affected Systems
The vulnerability affects the relibc component used in Redox OS, specifically at commit ab6a2e, before merge request 990, which contains the fix. Any Redox OS installation or software bundle that includes this version of relibc and calls parse_month could be impacted. The references include the issue tracker and merge requests on the Redox OS GitLab repository.
Risk and Exploitability
No CVSS score is provided, and EPSS data is unavailable, so the numeric severity cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, implying that there are no publicly known reliable exploits at the time of analysis. Nonetheless, an attacker can trigger a DoS by sending a malformed date string to any service that processes user dates via parse_month. Successful exploitation would render that component unavailable but would not grant code execution or credential compromise.