Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14cHAzLXhyZmYtdzZyaM4AAt9l
rocksdb vulnerable to out-of-bounds read
Affected versions of this crate called the RocksDB C API
rocksdb_open_column_families_with_ttl() with a pointer to a single integer
TTL value, but one TTL value for each column family is expected.
This is only relevant when using
rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl() with multiple
column families.
This bug has been fixed in v0.19.0.
Permalink: https://github.com/advisories/GHSA-xpp3-xrff-w6rhJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cHAzLXhyZmYtdzZyaM4AAt9l
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-xpp3-xrff-w6rh
References:
- https://github.com/rust-rocksdb/rust-rocksdb/pull/616
- https://github.com/rust-rocksdb/rust-rocksdb/releases/tag/v0.19.0
- https://rustsec.org/advisories/RUSTSEC-2022-0046.html
- https://github.com/advisories/GHSA-xpp3-xrff-w6rh
Blast Radius: 0.0
Affected Packages
cargo:rocksdb
Dependent packages: 201Dependent repositories: 2,430
Downloads: 10,406,531 total
Affected Version Ranges: < 0.19.0
Fixed in: 0.19.0
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.1, 0.10.0, 0.10.1, 0.11.0, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0
All unaffected versions: 0.19.0, 0.20.0, 0.20.1, 0.21.0, 0.22.0