Time Project Time vulnerabilities

CVE-2026-25727 [MEDIUM] CWE-121 CVE-2026-25727: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner

CVE-2023-28756 [HIGH] CWE-1333 Ruby Time component ReDoS issue Ruby Time component ReDoS issue A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

CVE-2020-26235 [MEDIUM] CWE-476 CVE-2020-26235: In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may seg In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOf