OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 17:46:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Potential segfault in the time crate (#485)

Browse Source
This commit is contained in:
Jacob Pratt
2020-11-18 21:19:28 -05:00
committed by GitHub
parent 78ad57d13b
commit 793301b134
1 changed files with 68 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
crates/time/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,68 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "time"
date = "2020-11-18"
url = "https://github.com/time-rs/time/issues/293"
categories = ["code-execution", "memory-corruption"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
keywords = ["segfault"]
aliases = ["CVE-2020-26235"]
[affected]
# any Unix-like OS
os = [
"linux",
"Redox",
"rolaris",
"android",
"ios",
"macos",
"netbsd",
"openbsd",
"bitrig",
"freebsd",
]
[affected.functions]
"time::UtcOffset::local_offset_at" = ["< 0.2.23"]
"time::UtcOffset::try_local_offset_at" = ["< 0.2.23"]
"time::UtcOffset::current_local_offset" = ["< 0.2.23"]
"time::UtcOffset::try_current_local_offset" = ["< 0.2.23"]
"time::OffsetDateTime::now_local" = ["< 0.2.23"]
"time::OffsetDateTime::try_now_local" = ["< 0.2.23"]
[versions]
patched = [">= 0.2.23"]
unaffected = ["< 0.2.7"]
```
# Potential segfault in the time crate
## Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions.
The affected functions are:
- `time::UtcOffset::local_offset_at`
- `time::UtcOffset::try_local_offset_at`
- `time::UtcOffset::current_local_offset`
- `time::UtcOffset::try_current_local_offset`
- `time::OffsetDateTime::now_local`
- `time::OffsetDateTime::try_now_local`
Non-Unix targets are unaffected. This includes Windows and wasm.
## Patches
Pending a proper fix, the internal method that determines the local offset has been modified to always return `None` on the affected operating systems. This has the effect of returning an `Err` on the `try_*` methods and `UTC` on the non-`try_*` methods.
Users and library authors with time in their dependency tree should perform `cargo update`, which will pull in a the updated, unaffected code.
## Workarounds
No workarounds are known.
## References
#293