GHSA-vrcx-gx3g-j3h8

Source

https://github.com/advisories/GHSA-vrcx-gx3g-j3h8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-vrcx-gx3g-j3h8/GHSA-vrcx-gx3g-j3h8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vrcx-gx3g-j3h8

Aliases

CVE-2024-46488

Published

2024-09-25T18:31:21Z

Modified

2024-10-02T21:22:41.575859Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Heap-based Buffer Overflow in sqlite-vec

Details

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npytokennext function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

Database specific

{
    "nvd_published_at": "2024-09-25T18:15:05Z",
    "severity": "HIGH",
    "github_reviewed_at": "2024-09-25T22:13:19Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-122",
        "CWE-787"
    ]
}

References

Affected packages

PyPI / sqlite-vec

Package

Name: sqlite-vec; View open source insights on deps.dev
Purl: pkg:pypi/sqlite-vec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.3

Affected versions

0.*

0.0.1a3

0.0.1a7

0.0.1a8

0.0.1a9

0.0.1a10

0.0.1a12

0.0.1a13

0.0.1a14

0.0.1a16

0.0.1a17

0.0.1a18

0.0.1a19

0.0.1a20

0.0.1a21

0.0.1a22

0.0.1a23

0.0.1a24

0.0.1a25

0.0.1a26

0.0.1a27

0.0.1a28

0.0.1a29

0.0.1a30

0.0.1a31

0.0.1a32

0.0.1a33

0.0.1a34

0.0.1a35

0.0.1a36

0.0.1a37

0.1.0a1

0.1.0

0.1.1a2

0.1.1a3

0.1.1

0.1.2a1

0.1.2a2

0.1.2a4

0.1.2a5

0.1.2a6

0.1.2a7

0.1.2a9

0.1.2a10

0.1.2

0.1.3a1

0.1.3a2

0.1.3a3

npm / sqlite-vec

Package

Name: sqlite-vec; View open source insights on deps.dev
Purl: pkg:npm/sqlite-vec

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.3

RubyGems / sqlite-vec

Package

Name: sqlite-vec
Purl: pkg:gem/sqlite-vec

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.3

Affected versions

0.*

0.0.1.alpha.3

0.0.1.alpha.7

0.0.1.alpha.8

0.0.1.alpha.9

0.0.1.alpha.10

0.0.1.alpha.12

0.0.1.alpha.13

0.0.1.alpha.14

0.0.1.alpha.16

0.0.1.alpha.17

0.0.1.alpha.18

0.0.1.alpha.19

0.0.1.alpha.20

0.0.1.alpha.21

0.0.1.alpha.22

0.0.1.alpha.23

0.0.1.alpha.24

0.0.1.alpha.25

0.0.1.alpha.26

0.0.1.alpha.27

0.0.1.alpha.28

0.0.1.alpha.29

0.0.1.alpha.30

0.0.1.alpha.31

0.0.1.alpha.32

0.0.1.alpha.33

0.0.1.alpha.34

0.0.1.alpha.35

0.0.1.alpha.36

0.0.1.alpha.37

0.1.0.alpha.1

0.1.0

0.1.1.alpha.1

0.1.1.alpha.2

0.1.1.alpha.3

0.1.1

0.1.2.alpha.1

0.1.2.alpha.2

0.1.2.alpha.4

0.1.2.alpha.5

0.1.2.alpha.6

0.1.2.alpha.7

0.1.2.alpha.9

0.1.2.alpha.10

0.1.2

0.1.3.alpha.1

0.1.3.alpha.2

0.1.3.alpha.3

crates.io / sqlite-vec

Package

Name: sqlite-vec; View open source insights on deps.dev
Purl: pkg:cargo/sqlite-vec

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.3