Reported

April 23, 2020

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

rusqlite (crates.io)

Type

Vulnerability

Aliases

• CVE-2020-35866
• CVE-2020-35867
• CVE-2020-35868
• CVE-2020-35869
• CVE-2020-35870
• CVE-2020-35871
• CVE-2020-35872
• CVE-2020-35873
• GHSA-28ph-f7gx-fqj8
• GHSA-3cgf-9m6x-pwwr
• GHSA-6q5w-m3c5-rv95
• GHSA-8h4j-vm3r-vcq3
• GHSA-8r7q-r9mx-35rh
• GHSA-g4w7-3qr8-5623
• GHSA-q3cc-7p7g-392c
• GHSA-rjh8-p66p-jrh5

References

• https://github.com/rusqlite/rusqlite/releases/tag/0.23.0

Patched

• >=0.23.0

Affected Functions

Version

rusqlite::Connection::get_aux

• <0.23.0

rusqlite::Connection::set_aux

• <0.23.0

rusqlite::session::Session::attach

• <0.23.0

rusqlite::session::Session::diff

• <0.23.0

rusqlite::trace::log

• <0.23.0

rusqlite::vtab::create_module

• <0.23.0

Description

Several memory safety issues have been uncovered in an audit of rusqlite.

See https://github.com/rusqlite/rusqlite/releases/tag/0.23.0 for a complete list.

Advisory available under CC0-1.0 license.