Skip to main content

Time

3 CVEs product

Monthly

CVE-2026-25727 Cargo MEDIUM PATCH This Month

The Rust time library versions 0.3.6 through 0.3.46 are vulnerable to denial of service through stack exhaustion when processing maliciously crafted RFC 2822 formatted input. An unauthenticated attacker can trigger recursive parsing of deprecated RFC 2822 features to exhaust stack memory and crash applications using affected versions. A patch implementing recursion depth limits is available in version 0.3.47 and later.

Denial Of Service Time Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-28756 Ruby MEDIUM PATCH This Month

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruby Time Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2020-26235 Cargo MEDIUM PATCH This Month

In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Time
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Rust time library versions 0.3.6 through 0.3.46 are vulnerable to denial of service through stack exhaustion when processing maliciously crafted RFC 2822 formatted input. An unauthenticated attacker can trigger recursive parsing of deprecated RFC 2822 features to exhaust stack memory and crash applications using affected versions. A patch implementing recursion depth limits is available in version 0.3.47 and later.

Denial Of Service Time Red Hat +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruby Time +2
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy