CVE-2021-45718

Name of the Vulnerable Software and Affected Versions: rusqlite versions 0.25.0 through 0.25.3 rusqlite versions 0.26.0 through 0.26.1

Description: The issue exists in the rusqlite crate for Rust, where several closure-accepting functions have a too relaxed lifetime bound. This can allow Rust code to access objects on the stack after they have been dropped, specifically in functions such as Connection::create scalar function, Connection::create aggregate function, Connection::create window function, Connection::commit hook, Connection::rollback hook, Connection::update hook, and Connection::create collation.

Recommendations: For rusqlite versions 0.25.0 through 0.25.3, update to version 0.25.4 or newer. For rusqlite versions 0.26.0 through 0.26.1, update to version 0.26.2 or newer. As a temporary workaround, consider avoiding the use of the impacted functions until a patch is available. Restrict access to the vulnerable functions to minimize the risk of exploitation.