{"id":"CVE-2020-26235","details":"In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.","aliases":["GHSA-wcg3-cvx6-7396","RUSTSEC-2020-0071"],"modified":"2026-03-13T22:01:01.827637Z","published":"2020-11-24T22:15:11.657Z","related":["CGA-6cq7-2mj5-p8xc","GHSA-wcg3-cvx6-7396","RUSTSEC-2020-0159","openSUSE-SU-2024:12746-1"],"references":[{"type":"ADVISORY","url":"https://crates.io/crates/time/0.2.23"},{"type":"REPORT","url":"https://github.com/time-rs/time/issues/293"},{"type":"FIX","url":"https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/time-rs/time","events":[{"introduced":"21048192e76dd5faa107af0e2ee5f6bd208c1f87"},{"fixed":"f153a1ca5fdfec979f16c49619e6034cc67e186d"}],"database_specific":{"versions":[{"introduced":"0.2.7"},{"fixed":"0.2.23"}]}}],"versions":["v0.2.10","v0.2.11","v0.2.12","v0.2.13","v0.2.14","v0.2.15","v0.2.16","v0.2.17","v0.2.18","v0.2.19","v0.2.20","v0.2.21","v0.2.22","v0.2.7","v0.2.8","v0.2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26235.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}