Action not permitted
Modal body text goes here.
Modal Title
Modal Body
rustsec-2020-0014
Vulnerability from osv_rustsec
Published
2020-04-23 12:00
Modified
2023-06-13 13:10
Summary
Various memory safety issues
Details
Several memory safety issues have been uncovered in an audit of rusqlite.
See https://github.com/rusqlite/rusqlite/releases/tag/0.23.0 for a complete list.
{
"affected": [
{
"database_specific": {
"categories": [],
"cvss": null,
"informational": null
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [
"rusqlite::Connection::get_aux",
"rusqlite::Connection::set_aux",
"rusqlite::session::Session::attach",
"rusqlite::session::Session::diff",
"rusqlite::trace::log",
"rusqlite::vtab::create_module"
],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "rusqlite",
"purl": "pkg:cargo/rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "0.23.0"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"CVE-2020-35866",
"CVE-2020-35867",
"CVE-2020-35868",
"CVE-2020-35869",
"CVE-2020-35870",
"CVE-2020-35871",
"CVE-2020-35872",
"CVE-2020-35873",
"GHSA-28ph-f7gx-fqj8",
"GHSA-3cgf-9m6x-pwwr",
"GHSA-6q5w-m3c5-rv95",
"GHSA-8h4j-vm3r-vcq3",
"GHSA-8r7q-r9mx-35rh",
"GHSA-g4w7-3qr8-5623",
"GHSA-q3cc-7p7g-392c",
"GHSA-rjh8-p66p-jrh5"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "Several memory safety issues have been uncovered in an audit of\nrusqlite.\n\nSee https://github.com/rusqlite/rusqlite/releases/tag/0.23.0 for a complete list.",
"id": "RUSTSEC-2020-0014",
"modified": "2023-06-13T13:10:24Z",
"published": "2020-04-23T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/rusqlite"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"related": [],
"severity": [],
"summary": "Various memory safety issues"
}
CVE-2020-35872 (GCVE-0-2020-35872)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:28 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:28:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35872",
"datePublished": "2020-12-31T08:28:05",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35873 (GCVE-0-2020-35873)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:27 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:13.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:27:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35873",
"datePublished": "2020-12-31T08:27:54",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:13.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35870 (GCVE-0-2020-35870)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:28 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:28:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35870",
"datePublished": "2020-12-31T08:28:26",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35871 (GCVE-0-2020-35871)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:28 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:28:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35871",
"datePublished": "2020-12-31T08:28:15",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35867 (GCVE-0-2020-35867)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:29 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:29:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35867",
"datePublished": "2020-12-31T08:29:00",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35869 (GCVE-0-2020-35869)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:28 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:28:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35869",
"datePublished": "2020-12-31T08:28:34",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35866 (GCVE-0-2020-35866)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:29 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:29:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35866",
"datePublished": "2020-12-31T08:29:10",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35868 (GCVE-0-2020-35868)
Vulnerability from cvelistv5 – Published: 2020-12-31 08:28 – Updated: 2024-08-04 17:16
VLAI?
EPSS
Summary
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:13.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T08:28:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
},
{
"name": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0",
"refsource": "MISC",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35868",
"datePublished": "2020-12-31T08:28:48",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:13.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-Q3CC-7P7G-392C
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:08
VLAI?
Summary
Use after free in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35873"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:08:56Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.",
"id": "GHSA-q3cc-7p7g-392c",
"modified": "2021-08-19T21:08:56Z",
"published": "2021-08-25T20:47:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35873"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/ac30e169ae51b262bc8cf7026469851ce39b23c6"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use after free in rusqlite"
}
GHSA-RJH8-P66P-JRH5
Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2021-08-19 21:18
VLAI?
Summary
Data races in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.
Severity ?
8.1 (High)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35871"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:18:47Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.",
"id": "GHSA-rjh8-p66p-jrh5",
"modified": "2021-08-19T21:18:47Z",
"published": "2021-08-25T20:46:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35871"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/2ef3628dac35aeba0a97d5fb3a57746b4e1d62b3"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Data races in rusqlite"
}
GHSA-28PH-F7GX-FQJ8
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:08
VLAI?
Summary
Data races in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35867"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:08:12Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.",
"id": "GHSA-28ph-f7gx-fqj8",
"modified": "2021-08-19T21:08:12Z",
"published": "2021-08-25T20:47:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35867"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/3c6b57fe1b2cc87e7ebecde43dd836ffb1c4ea5c"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Data races in rusqlite"
}
GHSA-3CGF-9M6X-PWWR
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:08
VLAI?
Summary
Data races in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35868"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:08:22Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.",
"id": "GHSA-3cgf-9m6x-pwwr",
"modified": "2021-08-19T21:08:22Z",
"published": "2021-08-25T20:47:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35868"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/45fd77ee43c38eea4d6f4e2e56c1667a55ec654f"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Data races in rusqlite"
}
GHSA-G4W7-3QR8-5623
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:18
VLAI?
Summary
Improper type usage in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35872"
],
"database_specific": {
"cwe_ids": [
"CWE-351"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:18:44Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.",
"id": "GHSA-g4w7-3qr8-5623",
"modified": "2021-08-19T21:18:44Z",
"published": "2021-08-25T20:47:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35872"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/71b2f5187b0cbace3f8b6ff53432ff2ca0defcf0"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper type usage in rusqlite"
}
GHSA-8R7Q-R9MX-35RH
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:18
VLAI?
Summary
Mishandling of format strings in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35869"
],
"database_specific": {
"cwe_ids": [
"CWE-134"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:18:40Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.",
"id": "GHSA-8r7q-r9mx-35rh",
"modified": "2021-08-19T21:18:40Z",
"published": "2021-08-25T20:47:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35869"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/2327d3b774927fdf48903c0bdc1ca7ec93c7c8d0"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mishandling of format strings in rusqlite"
}
GHSA-8H4J-VM3R-VCQ3
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:08
VLAI?
Summary
Use after free in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35870"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:08:47Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.",
"id": "GHSA-8h4j-vm3r-vcq3",
"modified": "2021-08-19T21:08:47Z",
"published": "2021-08-25T20:47:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35870"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/2ef3628dac35aeba0a97d5fb3a57746b4e1d62b3"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use after free in rusqlite"
}
GHSA-6Q5W-M3C5-RV95
Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2021-08-19 21:08
VLAI?
Summary
Data races in rusqlite
Details
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor.
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rusqlite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35866"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:08:01Z",
"nvd_published_at": "2020-12-31T10:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor.",
"id": "GHSA-6q5w-m3c5-rv95",
"modified": "2021-08-19T21:08:01Z",
"published": "2021-08-25T20:47:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35866"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/commit/c9ef5bd63cad5c0c123344c072b490a1a9bcbe1f"
},
{
"type": "PACKAGE",
"url": "https://github.com/rusqlite/rusqlite"
},
{
"type": "WEB",
"url": "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0014.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Data races in rusqlite"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…