rocksdb vulnerable to out-of-bounds read

Moderate severity GitHub Reviewed Published Aug 12, 2022 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

cargo rocksdb (Rust)

Affected versions

< 0.19.0

Patched versions

0.19.0

Description

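Affected versions of this crate called the RocksDB C API
rocksdb_open_column_families_with_ttl() with a pointer to a single integer
TTL value, but the function expects one TTL value for each column family.
With more than one column family, the C API reads past that single integer,
which is the out-of-bounds read.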

This is only relevant when using
rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl() with multiple
column families.

This bug has been fixed in v0.19.0.
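
The pointer/length mismatch described above, as an added example that is not code from the rocksdb crate or from RocksDB: a stand-in for the C side reads one TTL per column family, and a wrapper checks the buffer length before passing the pointer across. All function names here are hypothetical and the TTL values are constructed.

```rust
// Added illustration: a model of the TTL pointer contract, not rust-rocksdb or RocksDB code.
use std::os::raw::c_int;

/// Stand-in for the C side (hypothetical): reads one TTL per column family from `ttls`.
/// Safety: `ttls` must point to at least `num_cf` readable `c_int` values.
unsafe fn c_side_reads_ttls(num_cf: usize, ttls: *const c_int) -> Vec<c_int> {
    (0..num_cf).map(|i| unsafe { *ttls.add(i) }).collect()
}

/// Call shape the advisory describes for < 0.19.0: a single TTL behind the pointer.
fn ttls_single(ttl_secs: c_int) -> Vec<c_int> {
    vec![ttl_secs]
}

/// Call shape the C API expects: one TTL per column family.
fn ttls_per_cf(ttl_secs: c_int, num_cf: usize) -> Vec<c_int> {
    vec![ttl_secs; num_cf]
}

/// Wrapper that enforces the contract before the pointer crosses the boundary.
fn open_with_ttls(num_cf: usize, ttls: &[c_int]) -> Result<Vec<c_int>, String> {
    if ttls.len() < num_cf {
        return Err(format!(
            "{} TTL(s) supplied for {} column families: read would run {} element(s) past the buffer",
            ttls.len(),
            num_cf,
            num_cf - ttls.len()
        ));
    }
    // SAFETY: length checked above, so every index in 0..num_cf is in bounds.
    Ok(unsafe { c_side_reads_ttls(num_cf, ttls.as_ptr()) })
}

fn main() {
    let ttl = 3600; // constructed sample value, in seconds
    // One column family: a single TTL satisfies the contract.
    println!("1 CF, single TTL:  {:?}", open_with_ttls(1, &ttls_single(ttl)));
    // Several column families with a single TTL: the mismatch from the advisory.
    println!("3 CFs, single TTL: {:?}", open_with_ttls(3, &ttls_single(ttl)));
    // Several column families with one TTL each: the expected shape.
    println!("3 CFs, TTL per CF: {:?}", open_with_ttls(3, &ttls_per_cf(ttl, 3)));
}
```

The single-TTL buffer is in bounds for one column family and rejected for three, which matches the advisory's note that only multi-column-family use is affected.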

References

Published to the GitHub Advisory Database Aug 12, 2022
Reviewed Aug 12, 2022
Last updated Jan 9, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-xpp3-xrff-w6rh