CVE-2021-45713

Name of the Vulnerable Software and Affected Versions: rusqlite versions 0.25.0 through 0.25.3 rusqlite versions 0.26.0 through 0.26.1

Description: The issue is related to several closure-accepting rusqlite functions having too relaxed lifetime bounds, which could allow Rust code to access objects on the stack after they have been dropped. The impacted functions include create scalar function, create aggregate function, create window function, commit hook, rollback hook, update hook, and create collation.

Recommendations: For rusqlite versions 0.25.0 through 0.25.3, upgrade to version 0.25.4 or newer. For rusqlite versions 0.26.0 through 0.26.1, upgrade to version 0.26.2 or newer. As a temporary workaround, consider disabling the use of the impacted functions until a patch is available. Restrict access to the vulnerable functions to minimize the risk of exploitation.