Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Segmentation fault in Rust time crate
Vulnerability Description
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Rust time crate 代码问题漏洞
Vulnerability Description
Rust是一款通用、编译型编程语言。 Rust time crate 0.2.7版本至0.2.23版本存在安全漏洞,该漏洞源于unix操作系统可能会因为在特定环境下解引用一个悬浮指针而出现段故障。这要求用户在与受影响函数不同的线程中设置任何环境变量。受影响的函数有:time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOf
CVSS Information
N/A
Vulnerability Type
N/A