CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



GHSA-GGXF-9F6J-W742

GHSA-GGXF-9F6J-W742: Use-After-Free in Diesel SQLite Deserialization

Alon Barad
Alon Barad
Software Engineer

Jul 17, 2026·6 min read·1 visit

Executive Summary (TL;DR)

A Use-After-Free vulnerability in diesel < 2.3.10 allows memory corruption when performing operations on a SQLite connection after its raw database buffer has been dropped.

A memory unsoundness vulnerability exists in the Diesel ORM crate when deserializing SQLite databases from raw bytes. The flaw is caused by a failure to bind the lifetime of the input buffer to the lifetime of the connection object, resulting in a Use-After-Free condition in the underlying libsqlite3 C library when subsequent queries are executed.

Vulnerability Overview

The diesel crate is a widely adopted Object-Relational Mapping (ORM) and query builder for Rust. Its SQLite backend provides interfaces to connect to, query, and manage SQLite databases, relying on Foreign Function Interface (FFI) bindings to communicate with the native libsqlite3 C library.

To facilitate database loading from memory, Diesel provides the API SqliteConnection::deserialize_readonly_database_from_buffer and its wrapper SqliteConnection::deserialize_readonly_database. These functions allow applications to deserialize a SQLite database directly from an in-memory byte slice (&[u8]). This feature exposes a direct attack surface if the underlying database bytes can be supplied by an external or untrusted source.

The core vulnerability is a Use-After-Free (UAF) condition classified under CWE-416. Because of missing lifetime constraints in the safe Rust wrapper signature, the memory safety guarantees of Rust were bypassed, allowing the backing buffer to be deallocated while the database connection retained active references to the deallocated heap memory.

Root Cause Analysis

The native SQLite C library implements a memory-deserialization feature via sqlite3_deserialize. When configured to operate on a read-only database buffer, the engine avoids making an internal copy of the data. Instead, it maintains a raw pointer pointing directly to the memory address of the provided buffer, assuming that this memory block will remain allocated and static for the duration of the connection's lifetime.

In Diesel's pre-patch implementation, the safe Rust wrapper accepted the input buffer as data: &[u8]. Because this slice's lifetime was not bound to the SqliteConnection struct, Rust's borrow checker allowed the caller to drop or reallocate the backing buffer immediately after the deserialization function returned, even while the connection object remained alive.

Once the backing buffer is dropped, the memory is reclaimed by the allocator. When the application subsequently executes a query on the open connection, the underlying libsqlite3 library dereferences the cached raw pointer to read database pages. This results in an expired pointer dereference (CWE-825) and triggers a heap-use-after-free condition.

Code Analysis and Fix Evaluation

The pre-patch implementation of the deserialization function lacked the safety invariants required to prevent the backing buffer from being dropped prematurely. The signature and implementation were defined as follows:

// Pre-patch vulnerable function signature:
pub fn deserialize_readonly_database_from_buffer(&mut self, data: &[u8]) -> QueryResult<()> {
    self.raw_connection.deserialize(data)
}

To resolve this soundness issue, the developers modified the SqliteConnection struct to take ownership of the buffer data. This ensures that the buffer is kept alive as long as the connection itself. The patch introduces a serialized_data: Vec<u8> field to the connection struct and clones the slice:

// Post-patch implementation in diesel/src/sqlite/connection/mod.rs
pub struct SqliteConnection {
    // Fields omitted for brevity
    metadata_lookup: (),
    instrumentation: DynInstrumentation,
    // This field must come after the RawConnection to ensure correct drop order
    serialized_data: Vec<u8>,
}
 
impl SqliteConnection {
    pub fn deserialize_readonly_database_from_buffer(&mut self, data: &[u8]) -> QueryResult<()> {
        // Copy the buffer to make sure it lives as long as the connection
        self.serialized_data = data.to_vec();
        self.raw_connection.deserialize(&self.serialized_data)
    }
}

In Rust, struct fields are dropped in declaration order (top-to-bottom). Because serialized_data is declared after raw_connection, the connection is closed first during a drop sequence, ensuring that libsqlite3 releases its reference to the memory before the Vec<u8> buffer is deallocated. While this fix introduces an allocation overhead due to cloning the database buffer, it completely remediates the vulnerability without breaking the public API signature.

Exploitation and Attack Flow

Exploiting this vulnerability requires a target application that loads SQLite databases dynamically using the vulnerable Diesel functions and subsequently processes queries on the connection after the source buffer has been deallocated.

An attacker can supply a malicious or specifically crafted SQLite database to an endpoint. Once the server loads the database using deserialize_readonly_database_from_buffer and releases the original upload buffer, the memory is marked as free. When the server then executes a database query, the engine reads from the freed heap space.

If the deallocated memory is repurposed by other threads, the application may read corrupted data, causing a segmentation fault. If an attacker can perform heap grooming to fill the deallocated memory block with attacker-controlled data, it is theoretically possible to manipulate SQLite's internal data structures, leading to unauthorized state modification.

Impact Assessment

The impact of this vulnerability is categorized as Moderate with a CVSS v4.0 base score of 5.3. The severity is constrained because the vulnerability requires a specific sequence of API calls and buffer management in the calling application to manifest.

The primary consequences are system instability, unexpected application behavior, and process crashes due to memory corruption. In multi-threaded environments, reading from freed memory can leak sensitive details of other sessions if those sessions occupy the recycled heap segments.

Because this is a library-level memory safety flaw rather than a protocol or application-level exposure, the direct risk is highly dependent on how the parent application implements and handles the database deserialization routines.

Remediation and Detection

The primary remediation strategy is to upgrade the diesel crate to version 2.3.10 or newer, which contains the official patch. No code modifications are required by callers, as the fix maintains backwards compatibility.

# Cargo.toml
diesel = { version = "2.3.10", features = ["sqlite"] }

If upgrading is not immediately possible, applications must ensure that the lifetime of the input buffer exceeds that of the connection. This can be accomplished by structuring the code so the buffer is stored in a scope that outlasts the SqliteConnection:

// Workaround: Manually managing the lifetime
fn process_db(data: Vec<u8>) {
    let mut conn = SqliteConnection::establish(":memory:").unwrap();
    // Keep 'data' alive for the duration of the connection's usage
    conn.deserialize_readonly_database_from_buffer(&data).unwrap();
    execute_queries(&mut conn);
    std::mem::drop(conn); // Explicitly drop connection before the buffer
    std::mem::drop(data);
}

To detect this issue during development, compile tests using AddressSanitizer (ASAN) and verify that dropping the input buffer before executing a query triggers a diagnostic failure.

Official Patches

diesel-rsOfficial fix commit on GitHub

Fix Analysis (1)

Technical Appendix

CVSS Score
5.3/ 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Systems

diesel crate

Affected Versions Detail

Product
Affected Versions
Fixed Version
diesel
diesel-rs
< 2.3.102.3.10
AttributeDetail
CWE IDCWE-416
Attack VectorNetwork / Local
CVSS v4.05.3
ImpactMemory Corruption, Process Crash, Potential State Manipulation
Exploit StatusNone
KEV StatusNot Listed

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1203Exploitation for Client Execution
Execution
CWE-416
Use After Free

Referencing memory after it has been freed can write or read invalid heap structures, leading to unexpected behavior, program crashes, or potential client execution.

Vulnerability Timeline

Fix commit pushed to GitHub
2026-05-19
RustSec Advisory RUSTSEC-2026-0172 published
2026-06-05
GHSA-ggxf-9f6j-w742 registered in GitHub Advisory Database
2026-07-16

References & Sources

  • [1]GitHub Security Advisory
  • [2]RustSec Security Advisory

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 3 hours ago•CVE-2026-52870
7.6

CVE-2026-52870: Broken Object-Level Authorization (BOLA) in Model Context Protocol (MCP) Python SDK

CVE-2026-52870 is a high-severity Broken Object-Level Authorization (BOLA) / Missing Authorization vulnerability (CWE-862) discovered in the experimental tasks feature of the Model Context Protocol (MCP) Python SDK. Under affected versions (< 1.27.2), default handlers registered via server.experimental.enable_tasks() allowed connected clients to enumerate, access, and terminate active tasks belonging to other user sessions due to a lack of session ownership validation. This compromised multi-tenant isolation, allowing authenticated users to extract execution data and cancel running jobs across concurrent connections. The vulnerability has been resolved in version 1.27.2 through session-scoping of task identifiers and transport session pinning.

Amit Schendel
Amit Schendel
2 views•6 min read
•about 4 hours ago•GHSA-48QW-824M-86PR
7.7

GHSA-48QW-824M-86PR: Privilege Escalation and Sandbox Escape in ArcadeDB Server

A high-severity privilege escalation and sandbox escape vulnerability exists in ArcadeDB Server prior to version 26.7.1. This flaw permits an authenticated user with read-only privileges to execute arbitrary JVM code in a sandboxed JavaScript context via the API command endpoint. By utilizing reflection on bound Java objects, an attacker can bypass the GraalVM guest environment's whitelist, access the Java ClassLoader, and perform arbitrary file reads on the host filesystem.

Alon Barad
Alon Barad
3 views•6 min read
•about 10 hours ago•CVE-2026-59950
7.6

CVE-2026-59950: Cross-Site WebSocket Hijacking in Model Context Protocol Python SDK

CVE-2026-59950 is a high-severity security vulnerability in the Model Context Protocol (MCP) Python SDK. Prior to version 1.28.1, the SDK's deprecated WebSocket server transport accepted incoming connection handshakes without performing validation on the Host or Origin headers. Because web browsers do not restrict WebSocket connections using the Same-Origin Policy (SOP), this enables malicious third-party websites to perform a Cross-Site WebSocket Hijacking (CSWSH) attack, executing unauthorized commands on behalf of the local user.

Alon Barad
Alon Barad
7 views•6 min read
•about 10 hours ago•CVE-2026-56271
9.8

CVE-2026-56271: Authentication Bypass via Hardcoded JWT Secrets in Flowise Enterprise Passport Middleware

CVE-2026-56271 represents a critical security flaw in Flowise, an open-source visual orchestration platform for Large Language Models (LLMs) and autonomous AI agents. The vulnerability occurs within the platform's enterprise passport authentication module, where default cryptographic parameters are used in the absence of explicit environment variables. Specifically, the middleware silently falls back to known, static hardcoded secrets ('auth_token' and 'refresh_token') and identifiers ('AUDIENCE' and 'ISSUER') to generate and verify session tokens. Consequently, remote unauthenticated attackers can construct arbitrary JSON Web Tokens (JWTs) signed with these hardcoded credentials to gain administrative entry to the application.

Alon Barad
Alon Barad
6 views•6 min read
•about 11 hours ago•GHSA-X9F9-R4M8-9XC2
8.4

GHSA-x9f9-r4m8-9xc2: Remote Code Execution via GraalVM Polyglot Sandbox Bypass in ArcadeDB Trigger Scripts

ArcadeDB is an open-source, multi-model database engine supporting graph, document, key-value, and vector models. In affected versions of ArcadeDB, the trigger script executor improperly configures GraalVM scripting engine permissions. By allowing the 'java.lang.*' package to be loaded within the scripting context, the sandbox environment can be bypassed. An authenticated user with schema administration privileges ('UPDATE_SCHEMA') can register a malicious script trigger that executes arbitrary Java host classes, leading to unauthenticated remote command execution under the context of the ArcadeDB server process.

Alon Barad
Alon Barad
6 views•6 min read
•about 11 hours ago•CVE-2026-20744
9.8

CVE-2026-20744: Improper Access Control in Le Circuit Électrique Charging Station Backend

A critical improper access control vulnerability (CWE-284) in the WebSocket upgrade endpoint of Le Circuit Électrique charging station backend allows remote, unauthenticated attackers to connect to the Charging Station Management System and impersonate charging stations.

Alon Barad
Alon Barad
5 views•8 min read