CVE-2020-26235
published 2020-11-24CVE-2020-26235: In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific…
PriorityP427medium5.3CVSS 3.1
AVNACHPRLUINSUCNINAH
EPSS
1.88%
76.8th percentile
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rust-time | — | — |
| time-rs | time | — | — |
| time_project | time | >= 0.0.0-0 < 0.2.0 | 0.2.0 |
| time_project | time | >= 0.1.0 < 0.2.23 | 0.2.23 |
| time_project | time | >= 0.2.1-0 < 0.2.1 | 0.2.1 |
| time_project | time | >= 0.2.2-0 < 0.2.2 | 0.2.2 |
| time_project | time | >= 0.2.3-0 < 0.2.3 | 0.2.3 |
| time_project | time | >= 0.2.4-0 < 0.2.4 | 0.2.4 |
| time_project | time | >= 0.2.5-0 < 0.2.5 | 0.2.5 |
| time_project | time | >= 0.2.6-0 < 0.2.6 | 0.2.6 |
| time_project | time | >= 0.2.7 < 0.2.23 | 0.2.23 |
| time_project | time | >= 0.2.7 < 0.2.23 | 0.2.23 |
| time_project | time | >= 0.2.7-0 < 0.2.23 | 0.2.23 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
ghsa5.3MEDIUM
osv5.3MEDIUM
vendor_debian5.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Chrono has potential segfault issue in SPIFFE authenticator
ghsa·2022-02-11·CVSS 5.3
CVE-2020-26235 [MEDIUM] CWE-476 Chrono has potential segfault issue in SPIFFE authenticator
Chrono has potential segfault issue in SPIFFE authenticator
### Impact
Several vulnerabilities have been reported in the `time` and `chrono` crates related to handling of calls to `localtime_r`. You can follow some of the discussions [here](https://github.com/chronotope/chrono/issues/602) and [here](https://github.com/time-rs/time/issues/293), and the associated CVE [here](https://nvd.nist.gov/vuln/detail/CVE-2020-26235). In our case, the issue with the dependency was flagged by our nightly CI build running [`cargo-audit`](https://github.com/parallaxsecond/parsec/issues/544).
The vulnerability leads to a segfault in specific circumstances - namely, when one of a number of functions in the `time` crate is called while any other thread is setting an environment variable. Given that in the
OSV
Chrono has potential segfault issue in SPIFFE authenticator
osv·2022-02-11·CVSS 5.3
CVE-2020-26235 [MEDIUM] Chrono has potential segfault issue in SPIFFE authenticator
Chrono has potential segfault issue in SPIFFE authenticator
### Impact
Several vulnerabilities have been reported in the `time` and `chrono` crates related to handling of calls to `localtime_r`. You can follow some of the discussions [here](https://github.com/chronotope/chrono/issues/602) and [here](https://github.com/time-rs/time/issues/293), and the associated CVE [here](https://nvd.nist.gov/vuln/detail/CVE-2020-26235). In our case, the issue with the dependency was flagged by our nightly CI build running [`cargo-audit`](https://github.com/parallaxsecond/parsec/issues/544).
The vulnerability leads to a segfault in specific circumstances - namely, when one of a number of functions in the `time` crate is called while any other thread is setting an environment variable. Given that in the
GHSA
Segmentation fault in time
ghsa·2021-08-25
CVE-2020-26235 [MEDIUM] CWE-476 Segmentation fault in time
Segmentation fault in time
### Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
The affected functions from time 0.2.7 through 0.2.22 are:
- `time::UtcOffset::local_offset_at`
- `time::UtcOffset::try_local_offset_at`
- `time::UtcOffset::current_local_offset`
- `time::UtcOffset::try_current_local_offset`
- `time::OffsetDateTime::now_local`
- `time::OffsetDateTime::try_now_local`
The affected functions in time 0.1 (all versions) are:
- `at`
- `at_utc`
- `now`
Non-Unix targets (including Windows and wasm) are unaffected.
### Patches
In some ver
OSV
Segmentation fault in time
osv·2021-08-25
CVE-2020-26235 [MEDIUM] Segmentation fault in time
Segmentation fault in time
### Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
The affected functions from time 0.2.7 through 0.2.22 are:
- `time::UtcOffset::local_offset_at`
- `time::UtcOffset::try_local_offset_at`
- `time::UtcOffset::current_local_offset`
- `time::UtcOffset::try_current_local_offset`
- `time::OffsetDateTime::now_local`
- `time::OffsetDateTime::try_now_local`
The affected functions in time 0.1 (all versions) are:
- `at`
- `at_utc`
- `now`
Non-Unix targets (including Windows and wasm) are unaffected.
### Patches
In some ver
OSV
CVE-2020-26235: In Rust time crate from version 0
osv·2020-11-24·CVSS 5.3
CVE-2020-26235 [MEDIUM] CVE-2020-26235: In Rust time crate from version 0
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.
OSV
Potential segfault in the time crate
osv·2020-11-18
CVE-2020-26235 Potential segfault in the time crate
Potential segfault in the time crate
### Impact
The affected functions set environment variables without synchronization. On Unix-like operating systems, this can crash in multithreaded programs. Programs may segfault due to dereferencing a dangling pointer if an environment variable is read in a different thread than the affected functions. This may occur without the user's knowledge, notably in the Rust standard library or third-party libraries.
The affected functions from time 0.2.7 through 0.2.22 are:
- `time::UtcOffset::local_offset_at`
- `time::UtcOffset::try_local_offset_at`
- `time::UtcOffset::current_local_offset`
- `time::UtcOffset::try_current_local_offset`
- `time::OffsetDateTime::now_local`
- `time::OffsetDateTime::try_now_local`
The affected functions in time 0.1 (all ve
Debian
CVE-2020-26235: rust-time - In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like opera...
vendor_debian·2020·CVSS 5.3
CVE-2020-26235 [MEDIUM] CVE-2020-26235: rust-time - In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like opera...
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
2020-11-24
Published