Add out-of-bounds read advisory for rocksdb (#1237)

2026-01-17 17:07:58 +01:00 · 2022-08-11 09:30:02 -04:00
parent dda8c048b6
commit 94e8af7c0c
1 changed files with 27 additions and 0 deletions
--- a/crates/rocksdb/RUSTSEC-0000-0000.md
+++ b/crates/rocksdb/RUSTSEC-0000-0000.md
@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rocksdb"
+date = "2022-05-11"
+url = "https://github.com/rust-rocksdb/rust-rocksdb/pull/616"
+categories = ["memory-corruption"]
+keywords = ["out-of-bounds read"]
+
+[versions]
+patched = [">= 0.19.0"]
+
+[affected]
+functions = { "rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl" = ["< 0.19.0"] }
+```
+
+# Out-of-bounds read when opening multiple column families with TTL
+
+Affected versions of this crate called the RocksDB C API
+`rocksdb_open_column_families_with_ttl()` with a pointer to a single integer
+TTL value, but one TTL value for each column family is expected.
+
+This is only relevant when using
+`rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl()` with multiple
+column families.
+
+This bug has been fixed in v0.19.0.