GHSA-xmrp-424f-vfpx: SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

August 19, 2024

The following presentation at this year’s DEF CON was brought to our attention on the SQLx Discord:

References

github.com/advisories/GHSA-xmrp-424f-vfpx
github.com/launchbadge/sqlx
github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs
github.com/launchbadge/sqlx/issues/3440
rustsec.org/advisories/RUSTSEC-2024-0363.html

Code Behaviors & Features

Detect and mitigate GHSA-xmrp-424f-vfpx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →