RUSTSEC-2020-0159

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0159

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0159.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0159

Related

CVE-2020-26235
RUSTSEC-2020-0071

Published

2020-11-10T12:00:00Z

Modified

2022-08-04T19:52:46Z

Summary

Potential segfault in `localtime_r` invocations

Details

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

time-rs/time#293

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / chrono

Package

Name: chrono; View open source insights on deps.dev
Purl: pkg:cargo/chrono

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.4.20

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "code-execution",
        "memory-corruption"
    ]
}