PT-2024-32012 · Unknown · Sqlite-Vec

Published

2024-09-25

Updated

2024-10-07

CVE-2024-46488

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions sqlite-vec version 0.1.1

Description The issue is related to a heap buffer overflow via the npy token next function, allowing attackers to cause a Denial of Service (DoS) via a crafted file.

Recommendations For sqlite-vec version 0.1.1, upgrade to version 0.1.3 to resolve the issue.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

CVE-2024-46488

GHSA-VRCX-GX3G-J3H8

Affected Products

Sqlite-Vec

PT-2024-32012 · Unknown · Sqlite-Vec

CVE-2024-46488

Weakness Enumeration

Related Identifiers

Affected Products

References · 13