diff --git a/gems/sqlite3/CVE-2026-54619.yml b/gems/sqlite3/CVE-2026-54619.yml new file mode 100644 index 0000000000..f82f7ccb5a --- /dev/null +++ b/gems/sqlite3/CVE-2026-54619.yml @@ -0,0 +1,36 @@ +--- +gem: sqlite3 +cve: 2026-54619 +ghsa: 28hh-pr2h-2w89 +url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619 +title: Use-After-Free When Redefining SQLite Functions with Different Arity +date: 2026-06-07 +description: | + ## Summary + + Using Database#create_function or Database#define_function to define + the same function name more than once with different numbers of + arguments ("arity") or text encodings will result in a invalid memory + read and a segmentation fault. + + ## Severity + + The sqlite3-ruby repo maintainers assess this as Low severity. It is + reliably triggered after GC when code is structured in a particular way. + There is no known general exploit that could be used as a denial + of service attack. +unaffected_versions: + - "< 2.1.0" +patched_versions: + - ">= 2.9.5" +related: + url: + - https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619 + - https://rubygems.org/gems/sqlite3/versions/2.9.5 + - https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5 + - https://github.com/sparklemotion/sqlite3-ruby/pull/711 + - https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-28hh-pr2h-2w89 +notes: | + - NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby". + - CVE is reserved, but not published so GHSA Security is + low and no non-GHSA cvss values. diff --git a/gems/sqlite3/CVE-2026-54620.yml b/gems/sqlite3/CVE-2026-54620.yml new file mode 100644 index 0000000000..95fc33a98e --- /dev/null +++ b/gems/sqlite3/CVE-2026-54620.yml @@ -0,0 +1,35 @@ +--- +gem: sqlite3 +cve: 2026-54620 +ghsa: j7fr-3v8c-3qc3 +url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620 +title: Use-After-Free in SQLite Aggregate Function Callbacks +date: 2026-06-07 +description: | + ## Summary + + Using Database#create_aggregate, #create_aggregate_handler, or + Database#define_aggregator to define an aggregate function, and + then using an open statement calling that function after the database + has been explicitly closed will result in an invalid memory read + and a segmentation fault. + + ## Severity + + The sqlite3-ruby repo maintainers assess this as Low severity. It is + reliably triggered after GC when code is structured in a particular way. + There is no known general exploit that could be used as a denial + of service attack. +patched_versions: + - ">= 2.9.5" +related: + url: + - https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620 + - https://rubygems.org/gems/sqlite3/versions/2.9.5 + - https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5 + - https://github.com/sparklemotion/sqlite3-ruby/pull/711 + - https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-j7fr-3v8c-3qc3 +notes: | + - NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby". + - CVE is reserved, but not published so GHSA Security is + low and no non-GHSA cvss values.