search

mTvare6 / hello-world.rs

🚀Memory safe, blazing fast, configurable, minimal hello world written in rust(🚀) in a few lines of code with few(1092🚀) dependencies🚀
Other
3.21k stars 1 forks source link

CVE-2022-35737 (High) detected in libsqlite3-sys-0.23.2.crate #402

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2022-35737 - High Severity Vulnerability

Vulnerable Library - libsqlite3-sys-0.23.2.crate

Native bindings to the libsqlite3 library

Library home page: https://crates.io/api/v1/crates/libsqlite3-sys/0.23.2/download

Dependency Hierarchy: - :x: **libsqlite3-sys-0.23.2.crate** (Vulnerable Library)

Found in HEAD commit: a5a175063bd51fcbbce0eaba88d1b9b6ad315911

Found in base branch: master

Vulnerability Details

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Publish Date: 2022-08-03

URL: CVE-2022-35737

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-35737

Release Date: 2022-08-03

Fix Resolution: version-3.39.2

Step up your Open Source Security Game with Mend here