Skip to content

Commit 869b238

Browse files
simiRubySec CI
authored andcommitted
Updated advisory posts against rubysec/ruby-advisory-db@86ef68c
1 parent c31b968 commit 869b238

2 files changed

Lines changed: 86 additions & 0 deletions

File tree

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2026-54619 (sqlite3): Use-After-Free When Redefining SQLite Functions
4+
with Different Arity'
5+
comments: false
6+
categories:
7+
- sqlite3
8+
advisory:
9+
gem: sqlite3
10+
cve: 2026-54619
11+
ghsa: 28hh-pr2h-2w89
12+
url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
13+
title: Use-After-Free When Redefining SQLite Functions with Different Arity
14+
date: 2026-06-07
15+
description: |-
16+
## Summary
17+
18+
Using Database#create_function or Database#define_function to define
19+
the same function name more than once with different numbers of
20+
arguments ("arity") or text encodings will result in a invalid memory
21+
read and a segmentation fault.
22+
23+
## Severity
24+
25+
The sqlite3-ruby repo maintainers assess this as Low severity. It is
26+
reliably triggered after GC when code is structured in a particular way.
27+
There is no known general exploit that could be used as a denial
28+
of service attack.
29+
unaffected_versions:
30+
- "< 2.1.0"
31+
patched_versions:
32+
- ">= 2.9.5"
33+
related:
34+
url:
35+
- https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
36+
- https://rubygems.org/gems/sqlite3/versions/2.9.5
37+
- https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
38+
- https://github.com/sparklemotion/sqlite3-ruby/pull/711
39+
- https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-28hh-pr2h-2w89
40+
notes: |
41+
- NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
42+
- CVE is reserved, but not published so GHSA Security is
43+
low and no non-GHSA cvss values.
44+
---
Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2026-54620 (sqlite3): Use-After-Free in SQLite Aggregate Function Callbacks'
4+
comments: false
5+
categories:
6+
- sqlite3
7+
advisory:
8+
gem: sqlite3
9+
cve: 2026-54620
10+
ghsa: j7fr-3v8c-3qc3
11+
url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
12+
title: Use-After-Free in SQLite Aggregate Function Callbacks
13+
date: 2026-06-07
14+
description: |-
15+
## Summary
16+
17+
Using Database#create_aggregate, #create_aggregate_handler, or
18+
Database#define_aggregator to define an aggregate function, and
19+
then using an open statement calling that function after the database
20+
has been explicitly closed will result in an invalid memory read
21+
and a segmentation fault.
22+
23+
## Severity
24+
25+
The sqlite3-ruby repo maintainers assess this as Low severity. It is
26+
reliably triggered after GC when code is structured in a particular way.
27+
There is no known general exploit that could be used as a denial
28+
of service attack.
29+
patched_versions:
30+
- ">= 2.9.5"
31+
related:
32+
url:
33+
- https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
34+
- https://rubygems.org/gems/sqlite3/versions/2.9.5
35+
- https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
36+
- https://github.com/sparklemotion/sqlite3-ruby/pull/711
37+
- https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-j7fr-3v8c-3qc3
38+
notes: |
39+
- NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
40+
- CVE is reserved, but not published so GHSA Security is
41+
low and no non-GHSA cvss values.
42+
---

0 commit comments

Comments
 (0)