{"id":"RUSTSEC-2020-0159","summary":"Potential segfault in `localtime_r` invocations","details":"### Impact\n\nUnix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.\n\n### Workarounds\n\nNo workarounds are known.\n\n### References\n\n- [time-rs/time#293](https://github.com/time-rs/time/issues/293)","modified":"2026-02-04T02:59:27.428469Z","published":"2020-11-10T12:00:00Z","related":["CVE-2020-26235","RUSTSEC-2020-0071"],"database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/chrono"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0159.html"},{"type":"REPORT","url":"https://github.com/chronotope/chrono/issues/499"}],"affected":[{"package":{"name":"chrono","ecosystem":"crates.io","purl":"pkg:cargo/chrono"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.4.20"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0159.json","cvss":null,"categories":["code-execution","memory-corruption"]}}],"schema_version":"1.7.3"}