CVE-2020-35873

Name of the Vulnerable Software and Affected Versions rusqlite versions prior to 0.23.0

Description An issue was discovered in the rusqlite crate for Rust, where memory safety can be violated due to several reasons, including use-after-free in sessions.rs, Auxdata API use-after-free, UnlockNotification, VTab / VTabCursor, the repr(Rust) type, and rusqlite::trace::log mishandling format strings. Additionally, an Auxdata API data race and create module can also lead to memory safety violations.

Recommendations For versions prior to 0.23.0, update to version 0.23.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of Auxdata API, UnlockNotification, VTab / VTabCursor, repr(Rust) type, rusqlite::trace::log, and create module until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation.