Reliance on Data/Memory Layout Affecting diesel package, versions <2.3.8

Q: How to fix?

Upgrade diesel to version 2.3.8 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RUST-DIESEL-16771439
published20 May 2026
disclosed19 May 2026
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 19 May 2026

NewCWE-188 (opens in a new tab)

How to fix?

Upgrade diesel to version 2.3.8 or higher.

Overview

diesel is an extensible ORM and Query Builder for Rust.

Affected versions of this package are vulnerable to Reliance on Data/Memory Layout in the SqliteAggregate interface. An attacker can cause undefined behavior or memory safety issues by registering a custom aggregate function with a type that requires non-standard alignment, leading to potential misaligned memory access.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
High
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
Low
Availability (VA)
Low

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None