Fix chrono — CVE-2020-26235 MEDIUM
Fix CVE-2020-26235 (MEDIUM) in chrono for Rust. Paste your Cargo.toml into PackageFix and get a patched version — no CLI, no signup. Segmentation fault via crafted timezone string.
⚠ Vulnerability
CVE-2020-26235 (MEDIUM) — segmentation fault via crafted timezone string in chrono below 0.4.38.
Vulnerable — Cargo.toml
chrono = "0.4.24"
Fixed — Cargo.toml
chrono = "0.4.38"
✓ Fix
Update chrono to 0.4.38 and run cargo update.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2020-26235 |
| Severity | MEDIUM |
| Package | chrono (Rust) |
| Safe version | 0.4.38 |
| CISA KEV | — |
| Description | Segmentation fault via crafted timezone string |
Frequently Asked Questions
What is CVE-2020-26235?
CVE-2020-26235 is a MEDIUM severity vulnerability in chrono (Rust) that allows segmentation fault via crafted timezone string. Update to 0.4.38 or later.
How do I fix CVE-2020-26235 in chrono?
Update chrono to version 0.4.38 in your Cargo.toml and run cargo update.
Is CVE-2020-26235 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.
How do I verify the fix for CVE-2020-26235?
After updating, paste your Cargo.toml into PackageFix again. If CVE-2020-26235 no longer appears in the CVE table, the fix is applied.