-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
RustRustMiggo AIRoot Cause AnalysisThe vulnerability stems from incorrect ordering of SQLite API calls. The fix in diesel-rs/diesel#2663 shows the column name collection was moved after the initial sqlite3_step call in the iterator's next() method. The original implementation's pre-step column name collection via sqlite3_column_name created dangling pointers that were later used during result processing, directly matching the CWE-416 (Use After Free) description in the advisory.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| diesel | rust | < 1.4.6 | 1.4.6 |
Ongoing coverage of React2Shell