DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-GGXF-9F6J-W742: GHSA-GGXF-9F6J-W742: Use-After-Free in Diesel SQLite Deserialization

GHSA-GGXF-9F6J-W742: Use-After-Free in Diesel SQLite Deserialization

Vulnerability ID: GHSA-GGXF-9F6J-W742
CVSS Score: 5.3
Published: 2026-07-16

A memory unsoundness vulnerability exists in the Diesel ORM crate when deserializing SQLite databases from raw bytes. The flaw is caused by a failure to bind the lifetime of the input buffer to the lifetime of the connection object, resulting in a Use-After-Free condition in the underlying libsqlite3 C library when subsequent queries are executed.

TL;DR

A Use-After-Free vulnerability in diesel < 2.3.10 allows memory corruption when performing operations on a SQLite connection after its raw database buffer has been dropped.


Technical Details

  • CWE ID: CWE-416
  • Attack Vector: Network / Local
  • CVSS v4.0: 5.3
  • Impact: Memory Corruption, Process Crash, Potential State Manipulation
  • Exploit Status: None
  • KEV Status: Not Listed

Affected Systems

  • diesel crate
  • diesel: < 2.3.10 (Fixed in: 2.3.10)

Code Analysis

Commit: 1bc2ea4

Fix a potential use-after-free in SqliteConnection::deserialize_readonly_database_from_buffer

Mitigation Strategies

  • Upgrade the diesel dependency to version 2.3.10 or newer.
  • Manually manage buffer lifetimes to ensure the database backing buffer outlasts the connection object.
  • Enable AddressSanitizer (ASAN) in CI pipelines to detect temporal safety issues in Rust/C boundaries.

Remediation Steps:

  1. Open Cargo.toml and locate the diesel dependency declaration.
  2. Update the version field to 2.3.10 or greater.
  3. Run 'cargo update -p diesel' to resolve the locked version in Cargo.lock.
  4. Recompile and run the application's test suite under ASAN to verify the fix.

References


Read the full report for GHSA-GGXF-9F6J-W742 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)