{"id":"GHSA-f6f2-3w33-54r9","summary":"Use After Free in rusqlite","details":"An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.","aliases":["CVE-2021-45713","CVE-2021-45714","CVE-2021-45715","CVE-2021-45716","CVE-2021-45717","CVE-2021-45718","CVE-2021-45719","GHSA-4qr3-m7ww-hh9g","GHSA-87xh-9q6h-r5cc","GHSA-92cx-4xm7-jr9m","GHSA-cm8g-544f-p9x9","GHSA-g4g4-3pqw-8m7f","GHSA-g87r-23vw-7f87","GHSA-q89g-4vhh-mvvm","RUSTSEC-2021-0128"],"modified":"2024-03-15T00:05:18.748750Z","published":"2022-01-06T22:02:36Z","database_specific":{"severity":"HIGH","nvd_published_at":"2021-12-26T22:15:00Z","github_reviewed_at":"2022-01-05T21:07:30Z","github_reviewed":true,"cwe_ids":["CWE-416"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45714"},{"type":"WEB","url":"https://github.com/rusqlite/rusqlite/issues/1048"},{"type":"PACKAGE","url":"https://github.com/rusqlite/rusqlite"},{"type":"WEB","url":"https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/rusqlite/RUSTSEC-2021-0128.md"},{"type":"WEB","url":"https://rustsec.org/advisories/RUSTSEC-2021-0128.html"}],"affected":[{"package":{"name":"rusqlite","ecosystem":"crates.io","purl":"pkg:cargo/rusqlite"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.25.0"},{"fixed":"0.25.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-f6f2-3w33-54r9/GHSA-f6f2-3w33-54r9.json"}},{"package":{"name":"rusqlite","ecosystem":"crates.io","purl":"pkg:cargo/rusqlite"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.26.0"},{"fixed":"0.26.2"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-f6f2-3w33-54r9/GHSA-f6f2-3w33-54r9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}