Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions gems/sqlite3/CVE-2026-54619.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
gem: sqlite3
cve: 2026-54619
ghsa: 28hh-pr2h-2w89
url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
title: Use-After-Free When Redefining SQLite Functions with Different Arity
date: 2026-06-07
description: |
## Summary

Using Database#create_function or Database#define_function to define
the same function name more than once with different numbers of
arguments ("arity") or text encodings will result in a invalid memory
read and a segmentation fault.

## Severity

The sqlite3-ruby repo maintainers assess this as Low severity. It is
reliably triggered after GC when code is structured in a particular way.
There is no known general exploit that could be used as a denial
of service attack.
unaffected_versions:
- "< 2.1.0"
patched_versions:
- ">= 2.9.5"
related:
url:
- https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54619
- https://rubygems.org/gems/sqlite3/versions/2.9.5
- https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
- https://github.com/sparklemotion/sqlite3-ruby/pull/711
- https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-28hh-pr2h-2w89
notes: |
- NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
- CVE is reserved, but not published so GHSA Security is
low and no non-GHSA cvss values.
35 changes: 35 additions & 0 deletions gems/sqlite3/CVE-2026-54620.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
gem: sqlite3
cve: 2026-54620
ghsa: j7fr-3v8c-3qc3
url: https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
title: Use-After-Free in SQLite Aggregate Function Callbacks
date: 2026-06-07
description: |
## Summary

Using Database#create_aggregate, #create_aggregate_handler, or
Database#define_aggregator to define an aggregate function, and
then using an open statement calling that function after the database
has been explicitly closed will result in an invalid memory read
and a segmentation fault.

## Severity

The sqlite3-ruby repo maintainers assess this as Low severity. It is
reliably triggered after GC when code is structured in a particular way.
There is no known general exploit that could be used as a denial
of service attack.
patched_versions:
Comment thread
jasnow marked this conversation as resolved.
- ">= 2.9.5"
related:
url:
- https://www.cve.org/CVERecord/SearchResults?query=CVE-2026-54620
- https://rubygems.org/gems/sqlite3/versions/2.9.5
- https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v2.9.5
- https://github.com/sparklemotion/sqlite3-ruby/pull/711
- https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-j7fr-3v8c-3qc3
notes: |
- NOTE: The gem name is "sqlite3", not the repo name "sqlite3-ruby".
- CVE is reserved, but not published so GHSA Security is
low and no non-GHSA cvss values.