CVE-2020-35872 – rusqlite

Package

Manager: cargo
Name: rusqlite
Vulnerable Version: >=0 <0.23.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00433 pctl0.6196

Details

Improper type usage in rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.

Metadata

Created: 2021-08-25T20:47:01Z
Modified: 2021-08-19T21:18:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-g4w7-3qr8-5623/GHSA-g4w7-3qr8-5623.json
CWE IDs: ["CWE-351"]
Alternative ID: GHSA-g4w7-3qr8-5623
Finding: F115
Auto approve: 1