Skip to content

Commit b3d2f38

Browse files
jasnowpostmodern
jasnow
authored and
postmodern
committed
GHSA SYNC: 1 brand new advisory
1 parent aa479b5 commit b3d2f38

File tree

1 file changed

+22
-0
lines changed

1 file changed

+22
-0
lines changed

gems/sqlite-vec/CVE-2024-46488.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
---
2+
gem: sqlite-vec
3+
cve: 2024-46488
4+
ghsa: vrcx-gx3g-j3h8
5+
url: https://github.com/advisories/GHSA-vrcx-gx3g-j3h8
6+
title: Heap-based Buffer Overflow in sqlite-vec
7+
date: 2024-09-25
8+
description: |
9+
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow
10+
via the npy_token_next function. This vulnerability allows attackers
11+
to cause a Denial of Service (DoS) via a crafted file.
12+
13+
Workaround for CVE in release 0.1.3.
14+
cvss_v3: 9.1
15+
patched_versions:
16+
- ">= 0.1.3"
17+
related:
18+
url:
19+
- https://nvd.nist.gov/vuln/detail/CVE-2024-46488
20+
- https://github.com/asg017/sqlite-vec/releases/tag/v0.1.3
21+
- https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md
22+
- https://github.com/advisories/GHSA-vrcx-gx3g-j3h8

0 commit comments

Comments
 (0)