CVE-2020-35871: Data races in rusqlite

August 25, 2021

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.

References

github.com/advisories/GHSA-rjh8-p66p-jrh5
github.com/rusqlite/rusqlite
github.com/rusqlite/rusqlite/commit/2ef3628dac35aeba0a97d5fb3a57746b4e1d62b3
github.com/rusqlite/rusqlite/releases/tag/0.23.0
nvd.nist.gov/vuln/detail/CVE-2020-35871
rustsec.org/advisories/RUSTSEC-2020-0014.html

Detect and mitigate CVE-2020-35871 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →