VYPR
Moderate severityNVD Advisory· Published Nov 24, 2020· Updated Aug 4, 2024

Segmentation fault in Rust time crate

CVE-2020-26235

Description

In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
timecrates.io
>= 0.1.0, < 0.2.230.2.23
timecrates.io
>= 0.2.7, < 0.2.230.2.23

Affected products

14

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.