rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
36705ccc1d51930b238e11dd9a279aed55927e3a
advisory-db/crates/chrono/RUSTSEC-2020-0159.md
Tony Arcieri 36705ccc1d RUSTSEC-2020-0159: remove "withdrawn" (#1310) 
Now that there's an actionable fix, we should encourage people to upgrade
2022-08-04 13:52:46 -06:00

781 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0159"
package = "chrono"
date = "2020-11-10"
url = "https://github.com/chronotope/chrono/issues/499"
categories = ["code-execution", "memory-corruption"]
keywords = ["segfault"]
related = ["CVE-2020-26235", "RUSTSEC-2020-0071"]

[versions]
patched = [">=0.4.20"]

Potential segfault in localtime_r invocations

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References