CVE-2020-35872

Name of the Vulnerable Software and Affected Versions rusqlite versions prior to 0.23.0

Description An issue was discovered in the rusqlite crate for Rust, where memory safety can be violated via several means, including the repr(Rust) type, an Auxdata API use-after-free, UnlockNotification, VTab / VTabCursor, a use-after-free in sessions.rs, and mishandling of format strings in rusqlite::trace::log. Additionally, an Auxdata API data race and the create module function can also lead to memory safety violations.

Recommendations For versions prior to 0.23.0, update to version 0.23.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable components, such as the repr(Rust) type, Auxdata API, UnlockNotification, VTab / VTabCursor, sessions.rs, rusqlite::trace::log, and create module function, until a patch is available.