PT-2022-28264 · Libsqlite+1

Published 2022-10-03 · Updated 2022-10-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

sqlite3 versions 1.5.0

Description

A potential vulnerability in the FTS3 extension of libsqlite has been identified, which can be exploited by an attacker with full SQL access who can construct a corrupt database with over 2GB of FTS3 content. The issue arises from a 32-bit signed integer overflow.

Recommendations

Upgrade to the rubygem sqlite3 v1.5.1 or later. As an alternative for users who are unable to upgrade the sqlite3 gem, compile and link sqlite3 against external libsqlite >= 3.39.4 to address the issue.
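One way to check a project against the two recommendations above, as an added example that is not part of the advisory or of the sqlite3 gem: it lists the sqlite3 versions resolved in a Gemfile.lock and, when the gem is installed, reports the libsqlite version the running process is actually linked against. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

FIXED_GEM = Gem::Version.new("1.5.1")        # fixed gem version per the advisory
FIXED_LIBSQLITE = Gem::Version.new("3.39.4") # fixed library version per the advisory

# Constructed sample lockfile; "example-db-tool" is a made-up gem name.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-db-tool (0.1.0)
        sqlite3 (>= 1.4)
      sqlite3 (1.5.0)
      sqlite3 (1.5.0-x86_64-linux)

  DEPENDENCIES
    sqlite3 (~> 1.5)
LOCK

# True when either remediation named in the advisory is in place.
def remediated?(gem_version, libsqlite_version)
  Gem::Version.new(gem_version) >= FIXED_GEM ||
    Gem::Version.new(libsqlite_version) >= FIXED_LIBSQLITE
end

# Resolved sqlite3 entries sit at four spaces of indent under "specs:".
# Precompiled platform gems carry a suffix such as "-x86_64-linux".
def locked_sqlite3_versions(lockfile_text)
  lockfile_text.scan(/^ {4}sqlite3 \((\d[\w.]*)(?:-[\w.-]+)?\)$/).flatten.uniq
end

# A lockfile cannot show which libsqlite is linked, so a gem below the
# fixed version is flagged for a runtime check rather than called vulnerable.
def lockfile_findings(lockfile_text)
  locked_sqlite3_versions(lockfile_text).map do |v|
    below = Gem::Version.new(v) < FIXED_GEM
    { version: v, status: below ? :check_linked_libsqlite : :fixed_gem }
  end
end

# Ask the loaded library for its own version; nil if the gem is absent.
def runtime_report
  require "sqlite3"
  lib = SQLite3::Database.new(":memory:").get_first_value("SELECT sqlite_version()")
  { gem: SQLite3::VERSION, libsqlite: lib, remediated: remediated?(SQLite3::VERSION, lib) }
rescue LoadError
  nil
end

if __FILE__ == $PROGRAM_NAME # swap SAMPLE_LOCK for File.read("Gemfile.lock")
  lockfile_findings(SAMPLE_LOCK).each { |f| puts "sqlite3 #{f[:version]}: #{f[:status]}" }
  puts "runtime: #{runtime_report.inspect}"
end
```

Run `runtime_report` inside the deployed application's Ruby environment, since the linked libsqlite can differ between build hosts and production images.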

Related Identifiers

GHSA-MGVV-5MXP-XQ67

Affected Products

Libsqlite
Sqlite3