CVE-2021-45714

Name of the Vulnerable Software and Affected Versions: rusqlite crate versions 0.25.0 through 0.25.3 rusqlite crate versions 0.26.0 through 0.26.1

Description: The issue is related to several closure-accepting functions in the rusqlite crate, which have a too relaxed lifetime bound. This can allow Rust code to access objects on the stack after they have been dropped, specifically when a closure referencing borrowed values on the stack is passed to one of these functions. The impacted functions include Connection::create scalar function, Connection::create aggregate function, Connection::create window function, Connection::commit hook, Connection::rollback hook, Connection::update hook, and Connection::create collation.

Recommendations: For rusqlite crate versions 0.25.0 through 0.25.3, update to version 0.25.4 or newer. For rusqlite crate versions 0.26.0 through 0.26.1, update to version 0.26.2 or newer.