CVE-2020-26235

CVE-2020-26235 affects the Rust time crate: versions 0.2.7 through before 0.2.23 can segfault on unix-like OSes when an environment variable is set from another thread, due to a dangling pointer dereference. Affected functions include time::UtcOffset::local_offset_at, try_local_offset_at, current...

CVE-2026-25727

CVE-2026-25727 affects the Rust time crate: versions 0.3.6 up to but not including 0.3.47 allow a denial-of-service via stack exhaustion when input parsed as RFC 2822. The vulnerability relies on deprecated RFC 2822 features; a recursion-depth limit was introduced in 0.3.47, which now returns an ...