CVE-2025-47736: libsql-sqlite3-parser crash due to invalid UTF-8 input

May 9, 2025

dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.

References

crates.io/crates/libsql-sqlite3-parser
github.com/advisories/GHSA-8m95-fffc-h4c5
github.com/gwenn/lemon-rs/issues/86
github.com/gwenn/lemon-rs/pull/8
github.com/tursodatabase/libsql/issues/2052
nvd.nist.gov/vuln/detail/CVE-2025-47736

Code Behaviors & Features

Detect and mitigate CVE-2025-47736 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →