GHSA SYNC: 1 brand new advisory
jasnow authored and postmodern committed Sep 26, 2024
1 parent aa479b5 commit b3d2f38
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions gems/sqlite-vec/CVE-2024-46488.yml
@@ -0,0 +1,22 @@
---
gem: sqlite-vec
cve: 2024-46488
ghsa: vrcx-gx3g-j3h8
url: https://github.com/advisories/GHSA-vrcx-gx3g-j3h8
title: Heap-based Buffer Overflow in sqlite-vec
date: 2024-09-25
description: |
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow
via the npy_token_next function. This vulnerability allows attackers
to cause a Denial of Service (DoS) via a crafted file.
Workaround for CVE in release 0.1.3.
cvss_v3: 9.1
patched_versions:
- ">= 0.1.3"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2024-46488
- https://github.com/asg017/sqlite-vec/releases/tag/v0.1.3
- https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md
- https://github.com/advisories/GHSA-vrcx-gx3g-j3h8
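Review bot: The last line of the description block, "Workaround for CVE in release 0.1.3.", conflicts with `patched_versions: ">= 0.1.3"`, because a workaround is not a fix and readers cannot tell which one 0.1.3 delivers. If the v0.1.3 release notes describe a fix, reword it to something like "Fixed in release 0.1.3."; if it is only a mitigation, say so in the description. The description also names only v0.1.1 as affected, yet the entry has no `unaffected_versions`, so tooling will flag every release below 0.1.3; confirm that is intended or add the field. Finally, the title and description say heap buffer overflow with DoS impact while `cvss_v3` is 9.1, so it is worth checking the score against the linked NVD entry before merging.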
