Updated advisory posts against rubysec/ruby-advisory-db@b3d2f38

jasnow · RubySec CI · commit 132860c20b89 · 2024-09-26T20:36:32.000Z
diff --git a/advisories/_posts/2024-09-25-CVE-2024-46488.md b/advisories/_posts/2024-09-25-CVE-2024-46488.md
@@ -0,0 +1,29 @@
+---
+layout: advisory
+title: 'CVE-2024-46488 (sqlite-vec): Heap-based Buffer Overflow in sqlite-vec'
+comments: false
+categories:
+- sqlite-vec
+advisory:
+  gem: sqlite-vec
+  cve: 2024-46488
+  ghsa: vrcx-gx3g-j3h8
+  url: https://github.com/advisories/GHSA-vrcx-gx3g-j3h8
+  title: Heap-based Buffer Overflow in sqlite-vec
+  date: 2024-09-25
+  description: |
+    sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow
+    via the npy_token_next function. This vulnerability allows attackers
+    to cause a Denial of Service (DoS) via a crafted file.
+
+    Workaround for CVE in release 0.1.3.
+  cvss_v3: 9.1
+  patched_versions:
+  - ">= 0.1.3"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-46488
+    - https://github.com/asg017/sqlite-vec/releases/tag/v0.1.3
+    - https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md
+    - https://github.com/advisories/GHSA-vrcx-gx3g-j3h8
+---
