CVE-2021-45715: 
Rust vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the rusqlite crate versions 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust, specifically affecting the createwindowfunction functionality. The vulnerability was disclosed on December 7, 2021, and was assigned CVE-2021-45715 (RustSec Advisory).

The vulnerability stems from incorrect lifetime bounds on closure-accepting functions in rusqlite. The lifetime bound was too relaxed, which could allow Rust code to access objects on the stack after they have been dropped when a closure referencing borrowed values on the stack is passed to affected functions. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to memory corruption through use-after-free conditions, potentially causing application crashes or other undefined behavior. The issue affects multiple functions under different feature flags including functions, hooks, and collation features (RustSec Advisory).

The vulnerability has been patched in versions 0.26.2 and newer, with a backport to version 0.25.4. Users should upgrade to these patched versions. All versions before 0.25.0 are unaffected by this vulnerability (RustSec Advisory).