PT-2020-17500 · Rust · Rusqlite

Published: 2020-04-23 · Updated: 2022-01-04 · CVE-2020-35868

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: rusqlite versions prior to 0.23.0

Description: An issue was discovered in the rusqlite crate in which memory safety can be violated in several ways, including use-after-free errors in the Auxdata API, UnlockNotification, VTab / VTabCursor, and sessions.rs. Additional issues were found in the repr(Rust) type and in the rusqlite::trace::log function's handling of format strings. There is also a data race in the Auxdata API and an issue with the create module function.

Recommendations: For versions prior to 0.23.0, update to version 0.23.0 or later to resolve the issue. As a temporary workaround until the update can be applied, consider restricting the use of the Auxdata API, UnlockNotification, VTab / VTabCursor, sessions.rs, the repr(Rust) type, the rusqlite::trace::log function, and the create module function.

Weakness Enumeration

Use of Externally-Controlled Format String
Race Condition
Use After Free

Related Identifiers

CVE-2020-35868
GHSA-28PH-F7GX-FQJ8
GHSA-3CGF-9M6X-PWWR
GHSA-6Q5W-M3C5-RV95
GHSA-8H4J-VM3R-VCQ3
GHSA-8R7Q-R9MX-35RH
GHSA-G4W7-3QR8-5623
GHSA-Q3CC-7P7G-392C
GHSA-RJH8-P66P-JRH5
RUSTSEC-2020-0014

Affected Products

Rusqlite