File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ ---
2+ layout : advisory
3+ title : ' CVE-2026-54619 (sqlite3): Use-After-Free When Redefining SQLite Functions
4+ with Different Arity'
5+ comments : false
6+ categories :
7+ - sqlite3
8+ advisory :
9+ gem : sqlite3
10+ cve : 2026-54619
11+ ghsa : 28hh-pr2h-2w89
12+ url : https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
13+ title : Use-After-Free When Redefining SQLite Functions with Different Arity
14+ date : 2026-06-07
15+ description : |-
16+ ## Summary
17+
18+ Using Database#create_function or Database#define_function to define
19+ the same function name more than once with different numbers of
20+ arguments ("arity") or text encodings will result in a invalid memory
21+ read and a segmentation fault.
22+
23+ ## Severity
24+
25+ The sqlite3-ruby repo maintainers assess this as Low severity. It is
26+ reliably triggered after GC when code is structured in a particular way.
27+ There is no known general exploit that could be used as a denial
28+ of service attack.
29+ unaffected_versions :
30+ - " < 2.1.0"
31+ patched_versions :
32+ - " >= 2.9.5"
33+ related :
34+ url :
35+ - https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
36+ - https://rubygems.org/gems/sqlite3/versions/2.9.5
37+ - https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
38+ - https://github.com/sparklemotion/sqlite3-ruby/pull/711
39+ - https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-28hh-pr2h-2w89
40+ notes : |
41+ - NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
42+ - CVE is reserved, but not published so GHSA Security is
43+ low and no non-GHSA cvss values.
44+ ---
Original file line number Diff line number Diff line change 1+ ---
2+ layout : advisory
3+ title : ' CVE-2026-54620 (sqlite3): Use-After-Free in SQLite Aggregate Function Callbacks'
4+ comments : false
5+ categories :
6+ - sqlite3
7+ advisory :
8+ gem : sqlite3
9+ cve : 2026-54620
10+ ghsa : j7fr-3v8c-3qc3
11+ url : https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
12+ title : Use-After-Free in SQLite Aggregate Function Callbacks
13+ date : 2026-06-07
14+ description : |-
15+ ## Summary
16+
17+ Using Database#create_aggregate, #create_aggregate_handler, or
18+ Database#define_aggregator to define an aggregate function, and
19+ then using an open statement calling that function after the database
20+ has been explicitly closed will result in an invalid memory read
21+ and a segmentation fault.
22+
23+ ## Severity
24+
25+ The sqlite3-ruby repo maintainers assess this as Low severity. It is
26+ reliably triggered after GC when code is structured in a particular way.
27+ There is no known general exploit that could be used as a denial
28+ of service attack.
29+ patched_versions :
30+ - " >= 2.9.5"
31+ related :
32+ url :
33+ - https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
34+ - https://rubygems.org/gems/sqlite3/versions/2.9.5
35+ - https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
36+ - https://github.com/sparklemotion/sqlite3-ruby/pull/711
37+ - https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-j7fr-3v8c-3qc3
38+ notes : |
39+ - NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
40+ - CVE is reserved, but not published so GHSA Security is
41+ low and no non-GHSA cvss values.
42+ ---
You can’t perform that action at this time.
0 commit comments