search

20treeAI / martin

Blazing fast and lightweight PostGIS vector tiles server
https://martin.urbica.co
Apache License 2.0
1 stars 0 forks source link

RUSTSEC-2022-0090: `libsqlite3-sys` via C SQLite CVE-2022-35737 #8

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

libsqlite3-sys via C SQLite CVE-2022-35737

Details
Package libsqlite3-sys
Version 0.24.2
URL https://nvd.nist.gov/vuln/detail/CVE-2022-35737
Date 2022-08-03
Patched versions >=0.25.1

It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large string were input into SQLite's printf function.

As libsqlite3-sys bundles SQLite, it is susceptible to the vulnerability. libsqlite3-sys was updated to bundle the patched version of SQLite here.

See advisory page for additional details.

chanange commented 1 year ago

Related issue: https://github.com/maplibre/martin/issues/574 There is currently no published upstream ifx for the transient dependency sqlx