From 4e24372e46cfde90da8b62e31231d7d5ac32ff7a Mon Sep 17 00:00:00 2001 From: Eric Sink Date: Tue, 12 May 2026 11:23:50 -0500 Subject: [PATCH] Improve GHSA-2m69-gcr7-jv3q --- .../GHSA-2m69-gcr7-jv3q.json | 57 ++++++++++++++++--- 1 file changed, 49 insertions(+), 8 deletions(-) diff --git a/advisories/unreviewed/2025/07/GHSA-2m69-gcr7-jv3q/GHSA-2m69-gcr7-jv3q.json b/advisories/unreviewed/2025/07/GHSA-2m69-gcr7-jv3q/GHSA-2m69-gcr7-jv3q.json index 9365d3e76d422..b5d251c0318ab 100644 --- a/advisories/unreviewed/2025/07/GHSA-2m69-gcr7-jv3q/GHSA-2m69-gcr7-jv3q.json +++ b/advisories/unreviewed/2025/07/GHSA-2m69-gcr7-jv3q/GHSA-2m69-gcr7-jv3q.json @@ -1,23 +1,64 @@ { "schema_version": "1.4.0", "id": "GHSA-2m69-gcr7-jv3q", - "modified": "2026-04-14T12:31:28Z", + "modified": "2026-04-14T12:32:35Z", "published": "2025-07-15T15:31:00Z", "aliases": [ "CVE-2025-6965" ], + "summary": "Add affected nuget packages", "details": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", - "severity": [ + "severity": [], + "affected": [ { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + "package": { + "ecosystem": "NuGet", + "name": "SQLitePCLRaw.lib.e_sqlite3" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + } + ] + } + ] }, { - "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green" + "package": { + "ecosystem": "NuGet", + "name": "SQLitePCLRaw.lib.e_sqlite3.android" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "NuGet", + "name": "SQLitePCLRaw.lib.e_sqlite3.ios" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + } + ] + } + ] } ], - "affected": [], "references": [ { "type": "ADVISORY", @@ -64,7 +105,7 @@ "cwe_ids": [ "CWE-197" ], - "severity": "HIGH", + "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-07-15T14:15:31Z"