CVE-2021-45719

Name of the Vulnerable Software and Affected Versions: rusqlite versions 0.25.0 through 0.25.3 rusqlite versions 0.26.0 through 0.26.1

Description: The issue is related to a use-after-free problem in several closure-accepting functions, including Connection::create scalar function, Connection::create aggregate function, Connection::create window function, Connection::commit hook, Connection::rollback hook, Connection::update hook, and Connection::create collation. This could allow Rust code to access objects on the stack after they have been dropped. The problem exists due to a too relaxed lifetime bound on these functions.

Recommendations: For rusqlite versions 0.25.0 through 0.25.3, update to version 0.25.4 or newer. For rusqlite versions 0.26.0 through 0.26.1, update to version 0.26.2 or newer. As a temporary workaround, consider avoiding the use of the vulnerable functions until a patch is available. Restrict access to the vulnerable functions to minimize the risk of exploitation.