bitcoindevkit / bdk-cli

A CLI wallet library and REPL tool to demo and test the BDK library

RUSTSEC-2022-0046: Out-of-bounds read when opening multiple column families with TTL #112

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 2 years ago

Out-of-bounds read when opening multiple column families with TTL

| Details | |
| --- | --- |
| Package | rocksdb |
| Version | 0.14.0 |
| URL | https://github.com/rust-rocksdb/rust-rocksdb/pull/616 |
| Date | 2022-05-11 |
| Patched versions | >=0.19.0 |

Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl() with a pointer to a single integer TTL value, but one TTL value for each column family is expected.

This is only relevant when using rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl() with multiple column families.

This bug has been fixed in v0.19.0.

See advisory page for additional details.
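The pointer-length mismatch the advisory describes, shown as an added example that is not part of the issue or of rust-rocksdb's code. `c_open_cfs_with_ttl` is a hypothetical stand-in that models only the C API's contract (one TTL read per column family), and the column family names and TTL value are constructed.

```rust
use std::os::raw::c_int;

/// Hypothetical stand-in for the C API's contract (not the real RocksDB function):
/// it reads `num_cfs` integers from `ttls`, one TTL per column family.
unsafe fn c_open_cfs_with_ttl(num_cfs: c_int, ttls: *const c_int) -> Vec<c_int> {
    (0..num_cfs as usize)
        .map(|i| unsafe { *ttls.add(i) })
        .collect()
}

/// Pattern described in the advisory: a pointer to a single TTL is passed.
/// The callee still reads one value per column family, so this is sound only
/// when there is exactly one column family; with more it reads out of bounds.
fn open_vulnerable(cf_names: &[&str], ttl: c_int) -> Vec<c_int> {
    unsafe { c_open_cfs_with_ttl(cf_names.len() as c_int, &ttl) }
}

/// Hardened form: build one TTL per column family before crossing the FFI
/// boundary, so the buffer length always matches the count passed alongside it.
fn open_hardened(cf_names: &[&str], ttl: c_int) -> Vec<c_int> {
    let ttls: Vec<c_int> = vec![ttl; cf_names.len()];
    unsafe { c_open_cfs_with_ttl(ttls.len() as c_int, ttls.as_ptr()) }
}

fn main() {
    // Constructed column family names and TTL (seconds).
    let cfs = ["default", "utxo", "tx"];

    // One TTL per column family reaches the callee.
    println!("hardened, 3 CFs: {:?}", open_hardened(&cfs, 3600));

    // The single-pointer form is only exercised with one column family.
    // Calling it with all three would read past `ttl`, which is the bug.
    println!("single CF:       {:?}", open_vulnerable(&cfs[..1], 3600));
}
```
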

notmandatory commented 2 years ago

We'll need to update rocksdb in bdk first, then we can fix this in bdk-cli.