CVE-2020-35872: Improper type usage in rusqlite

August 25, 2021

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.

References

github.com/advisories/GHSA-g4w7-3qr8-5623
github.com/rusqlite/rusqlite
github.com/rusqlite/rusqlite/commit/71b2f5187b0cbace3f8b6ff53432ff2ca0defcf0
github.com/rusqlite/rusqlite/releases/tag/0.23.0
nvd.nist.gov/vuln/detail/CVE-2020-35872
rustsec.org/advisories/RUSTSEC-2020-0014.html

Detect and mitigate CVE-2020-35872 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →