Description
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to a heap out-of-bounds read in the rtreenode() function when handling invalid rtree tables.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| db5.3 | fixed | 5.3.28+dfsg1-0.9 | | package |
| db5.3 | ignored | | bullseye | package |
| db5.3 | ignored | | buster | package |
| db5.3 | ignored | | stretch | package |
| sqlite3 | fixed | 3.27.2-3 | | package |
| sqlite3 | ignored | | stretch | package |
| sqlite3 | ignored | | jessie | package |
| sqlite | not-affected | | | package |
Notes
Fixed by: https://www.sqlite.org/src/info/90acdbfce9c08858
Make the internal dynamic string interface available to extensions:
https://sqlite.org/src/info/87f261f0cb800b06
The affected function is not used in Debian and is meant for debugging purposes;
backporting the fix would be very complex.
https://lists.debian.org/debian-lts/2023/06/msg00012.html
https://lists.debian.org/debian-lts/2019/06/msg00013.html
https://lists.debian.org/debian-lts/2019/06/msg00036.html