Home > Vulnerability Database > WS-2022-0324

Mend.io Vulnerability Database

WS-2022-0324

Date: August 19, 2025

The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4. libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update. In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

Language: Ruby

Severity Score

9.8

Related Resources (5)

Url: https://github.com/sparklemotion/sqlite3-ruby/commit/8ebb39d36483a2f3fd6601ac10a5fae899ce1208#diff-bd08eecf2a8519d8fd0dab9cbbc37b9f2bf123e3a75beb7247045a82fa98fa82

Url: https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-mgvv-5mxp-xq67

Url: https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v1.5.1

Url: https://github.com/sparklemotion/sqlite3-ruby

Url: https://www.mend.io/vulnerability-database/WS-2022-0324

Severity Score

9.8

Weakness Type (CWE)

SQL Injection: Hibernate

CWE-564

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0324

Date: August 19, 2025

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?