Time
Monthly
The Rust time library versions 0.3.6 through 0.3.46 are vulnerable to denial of service through stack exhaustion when processing maliciously crafted RFC 2822 formatted input. An unauthenticated attacker can trigger recursive parsing of deprecated RFC 2822 features to exhaust stack memory and crash applications using affected versions. A patch implementing recursion depth limits is available in version 0.3.47 and later.
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
The Rust time library versions 0.3.6 through 0.3.46 are vulnerable to denial of service through stack exhaustion when processing maliciously crafted RFC 2822 formatted input. An unauthenticated attacker can trigger recursive parsing of deprecated RFC 2822 features to exhaust stack memory and crash applications using affected versions. A patch implementing recursion depth limits is available in version 0.3.47 and later.
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.