CVE-2020-26235

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-26235
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26235.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-26235
Aliases
Related
Published
2020-11-24T22:15:11Z
Modified
2025-02-19T03:09:28.009968Z
Downstream
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Rust time crate, from version 0.2.7 and before version 0.2.23, Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets, including Windows and wasm, are unaffected. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.

References

Affected packages

Git / github.com/time-rs/time

Affected ranges

Type
GIT
Repo
https://github.com/time-rs/time
Events

Affected versions

v0.*

v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.17
v0.2.18
v0.2.19
v0.2.20
v0.2.21
v0.2.22
v0.2.7
v0.2.8
v0.2.9