{"id":"RUSTSEC-2022-0046","summary":"Out-of-bounds read when opening multiple column families with TTL","details":"Affected versions of this crate called the RocksDB C API\n`rocksdb_open_column_families_with_ttl()` with a pointer to a single integer\nTTL value, but one TTL value for each column family is expected.\n\nThis is only relevant when using\n`rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl()` with multiple\ncolumn families.\n\nThis bug has been fixed in v0.19.0.","aliases":["GHSA-xpp3-xrff-w6rh"],"modified":"2023-11-08T04:24:29.736305Z","published":"2022-05-11T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/rocksdb"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0046.html"},{"type":"WEB","url":"https://github.com/rust-rocksdb/rust-rocksdb/pull/616"}],"affected":[{"package":{"name":"rocksdb","ecosystem":"crates.io","purl":"pkg:cargo/rocksdb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.19.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"os":[],"functions":["rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl"]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0046.json","informational":null,"categories":["memory-corruption"],"cvss":null}}],"schema_version":"1.7.3"}