Vulnerabilities > CVE-2020-26235 - NULL Pointer Dereference vulnerability in Time Project Time

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

time-project

CWE-476

NVD

Published: 2020-11-24

Updated: 2024-11-21

Summary

In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.

Vulnerable Configurations

Part	Description	Count
Application	Time_Project Time Project Time 0.2.7 Time Project Time 0.2.8 Time Project Time 0.2.9 Time Project Time 0.2.10 Time Project Time 0.2.11 Time Project Time 0.2.12 Time Project Time 0.2.13 Time Project Time 0.2.14 Time Project Time 0.2.15 Time Project Time 0.2.16 Time Project Time 0.2.17 Time Project Time 0.2.18 Time Project Time 0.2.19 Time Project Time 0.2.20 Time Project Time 0.2.21 Time Project Time 0.2.22	16
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References