Skip to content

Commit 86ef68c

Browse files
authored
Merge pull request #1160 from jasnow/july-8-advs-144
Two new sqlite3 advisories
2 parents 1ed9df5 + c0fc7a4 commit 86ef68c

2 files changed

Lines changed: 71 additions & 0 deletions

File tree

gems/sqlite3/CVE-2026-54619.yml

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
---
2+
gem: sqlite3
3+
cve: 2026-54619
4+
ghsa: 28hh-pr2h-2w89
5+
url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
6+
title: Use-After-Free When Redefining SQLite Functions with Different Arity
7+
date: 2026-06-07
8+
description: |
9+
## Summary
10+
11+
Using Database#create_function or Database#define_function to define
12+
the same function name more than once with different numbers of
13+
arguments ("arity") or text encodings will result in a invalid memory
14+
read and a segmentation fault.
15+
16+
## Severity
17+
18+
The sqlite3-ruby repo maintainers assess this as Low severity. It is
19+
reliably triggered after GC when code is structured in a particular way.
20+
There is no known general exploit that could be used as a denial
21+
of service attack.
22+
unaffected_versions:
23+
- "< 2.1.0"
24+
patched_versions:
25+
- ">= 2.9.5"
26+
related:
27+
url:
28+
- https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
29+
- https://rubygems.org/gems/sqlite3/versions/2.9.5
30+
- https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
31+
- https://github.com/sparklemotion/sqlite3-ruby/pull/711
32+
- https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-28hh-pr2h-2w89
33+
notes: |
34+
- NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
35+
- CVE is reserved, but not published so GHSA Security is
36+
low and no non-GHSA cvss values.

gems/sqlite3/CVE-2026-54620.yml

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
---
2+
gem: sqlite3
3+
cve: 2026-54620
4+
ghsa: j7fr-3v8c-3qc3
5+
url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
6+
title: Use-After-Free in SQLite Aggregate Function Callbacks
7+
date: 2026-06-07
8+
description: |
9+
## Summary
10+
11+
Using Database#create_aggregate, #create_aggregate_handler, or
12+
Database#define_aggregator to define an aggregate function, and
13+
then using an open statement calling that function after the database
14+
has been explicitly closed will result in an invalid memory read
15+
and a segmentation fault.
16+
17+
## Severity
18+
19+
The sqlite3-ruby repo maintainers assess this as Low severity. It is
20+
reliably triggered after GC when code is structured in a particular way.
21+
There is no known general exploit that could be used as a denial
22+
of service attack.
23+
patched_versions:
24+
- ">= 2.9.5"
25+
related:
26+
url:
27+
- https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
28+
- https://rubygems.org/gems/sqlite3/versions/2.9.5
29+
- https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
30+
- https://github.com/sparklemotion/sqlite3-ruby/pull/711
31+
- https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-j7fr-3v8c-3qc3
32+
notes: |
33+
- NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
34+
- CVE is reserved, but not published so GHSA Security is
35+
low and no non-GHSA cvss values.

0 commit comments

Comments
 (0)