CVE-2024-43380 Information
Aug 20, 2024
cve
Description
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1.
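A plausibility check of the kind the description says dependents need, written as an added Ruby example that is not part of the advisory or of fugit's own code. The 256-character limit, the 0.5-second budget and the names `guarded_nat_parse` and `fugit_vulnerable?` are assumptions; the parser is passed in as a callable so the block runs without the gem.

```ruby
require "rubygems"
require "timeout"

FIXED_VERSION  = Gem::Version.new("1.11.1") # fixed release named in the advisory
MAX_NAT_LENGTH = 256  # assumed limit, tune to the longest schedule you accept
PARSE_BUDGET   = 0.5  # assumed time budget in seconds

class ImplausibleInput < ArgumentError; end

# True when the given fugit version string predates the fix.
def fugit_vulnerable?(version)
  Gem::Version.new(version) < FIXED_VERSION
end

# Reject implausible untrusted input before the parser sees it, then
# bound the parse itself. `parser` is any callable; with fugit loaded it
# would be Fugit::Nat.method(:parse).
def guarded_nat_parse(input, parser:, max_length: MAX_NAT_LENGTH, budget: PARSE_BUDGET)
  raise ImplausibleInput, "expected a String" unless input.is_a?(String)
  raise ImplausibleInput, "invalid encoding" unless input.valid_encoding?
  if input.length > max_length
    raise ImplausibleInput, "#{input.length} chars exceeds limit of #{max_length}"
  end
  # Second layer: a parse that still runs long raises Timeout::Error.
  Timeout.timeout(budget) { parser.call(input) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stand-in parser so the example runs without the gem.
  stand_in = ->(s) { s.split.length }
  puts guarded_nat_parse("every wednesday at 5pm", parser: stand_in)
  begin
    guarded_nat_parse("every " * 5_000, parser: stand_in)
  rescue ImplausibleInput => e
    puts "rejected: #{e.message}"
  end
  puts fugit_vulnerable?("1.11.0")
end
```

The length check stays useful after upgrading to 1.11.1, since it rejects oversized input before any parsing work starts.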
Reference
https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g
https://github.com/floraison/fugit/issues/104
https://github.com/floraison/fugit/commit/ad2c1c9c737213d585fff0b51c927d178b2c05a5