When user-provided input is provided to any type that parses with the RFC 2822 format, a Denial of Service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
When user-provided input is provided to any type that parses with the RFC 2822 format, a Denial of Service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library. The affected functions from time 0.2.7 through 0.2.22 are: time::UtcOffset::local_offset_at time::UtcOffset::try_local_offset_at time::UtcOffset::current_local_offset time::UtcOffset::try_current_local_offset time::OffsetDateTime::now_local time::OffsetDateTime::try_now_local The affected functions in time 0.1 (all versions) are: at at_utc now Non-Unix …