Description
In the Rust time crate, from version 0.2.7 and before version 0.2.23, Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the one calling the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets, including Windows and wasm, are unaffected. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.
References
- Release Notes, Vendor Advisory
- Issue Tracking, Third Party Advisory
- Patch, Third Party Advisory
CVSS3: 5.3 Medium
CVSS2: 3.5 Low