CVE-2020-35867

Name of the Vulnerable Software and Affected Versions rusqlite versions prior to 0.23.0

Description An issue was discovered in the rusqlite crate for Rust, where memory safety can be violated via various means, including create module, Auxdata API use-after-free, UnlockNotification, VTab / VTabCursor, sessions.rs use-after-free, the repr(Rust) type, and rusqlite::trace::log mishandling format strings. Additionally, an Auxdata API data race can also lead to memory safety violations.

Recommendations For versions prior to 0.23.0, update to version 0.23.0 or later to resolve the issue. As a temporary workaround, consider disabling the create module function, Auxdata API, UnlockNotification, VTab / VTabCursor, and rusqlite::trace::log until a patch is available. Restrict access to the sessions.rs and repr(Rust) type to minimize the risk of exploitation. Avoid using the Auxdata API in a way that could lead to a data race until the issue is resolved.