Potential segfault in `localtime_r` invocations

Moderate severity GitHub Reviewed Published Jun 16, 2022 to the GitHub Advisory Database • Updated Jan 12, 2023
Withdrawn This advisory was withdrawn on Jul 21, 2022

Package

cargo chrono (Rust)

Affected versions

< 0.4.20

Patched versions

0.4.20

Description

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread from the one calling the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.
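
With no workaround listed, the practical check is whether a project locks a chrono release below the patched 0.4.20. The following is an added example, not code from the advisory or the chrono project: it scans Cargo.lock text for affected chrono entries. The helper names and the sample lockfile are constructed for illustration, and treating a 0.4.20 pre-release as affected is an assumption based on semver ordering.

```rust
// Added example (helper names are illustrative, not from the advisory).
const PATCHED: (u64, u64, u64) = (0, 4, 20); // advisory "Patched versions" field

// Constructed sample lockfile fragment (not taken from a real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "chrono"
version = "0.4.19"

[[package]]
name = "chrono-tz"
version = "0.6.1"
"#;

/// Split "MAJOR.MINOR.PATCH[-pre][+build]" into its numeric core and a pre-release flag.
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let no_build = v.split('+').next()?;
    let (core, pre) = no_build.split_once('-').map_or((no_build, false), |(c, _)| (c, true));
    let mut p = core.split('.').map(|s| s.parse::<u64>().ok());
    let triple = (p.next()??, p.next()??, p.next()??);
    p.next().is_none().then_some((triple, pre)) // reject a fourth component
}

/// Affected means below 0.4.20. A pre-release of 0.4.20 sorts below it (assumption:
/// semver ordering), and an unparseable version is flagged for manual review.
fn is_affected(v: &str) -> bool {
    parse_version(v).map_or(true, |(core, pre)| core < PATCHED || (core == PATCHED && pre))
}

/// Value of a `key = "value"` line, or None when the line carries a different key.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Every locked chrono version that falls in the affected range.
fn affected_chrono(lockfile: &str) -> Vec<String> {
    let (mut hits, mut name) = (Vec::new(), "");
    for line in lockfile.lines() {
        if let Some(n) = quoted_value(line, "name") {
            name = n; // a [[package]] table lists name before version
        } else if let Some(v) = quoted_value(line, "version") {
            if name == "chrono" && is_affected(v) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

fn main() { println!("affected chrono versions: {:?}", affected_chrono(SAMPLE_LOCK)); }
```

The exact-name match keeps crates such as chrono-tz from being reported; run it over the lockfile of every workspace that is built and shipped, since a transitive dependency can pin an older chrono.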

References

Published to the GitHub Advisory Database Jun 16, 2022
Reviewed Jun 16, 2022
Withdrawn Jul 21, 2022
Last updated Jan 12, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-cqpr-pcm7-m3jc
