CVE-2022-35737

Опубликовано: 03 авг. 2022

Источник: debian

EPSS Средний

Описание

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Пакет	Статус	Версия исправления	Релиз	Тип
sqlite3	fixed	3.39.2-1		package
sqlite	removed			package

https://sqlite.org/forum/forumpost/3607259d3c
Debian sqlite3 packages not compiled with -DSQLITE_ENABLE_STAT4
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

EPSS

Процентиль: 98%

0.65609

Средний

CVE-2022-35737

CVSS3: 7.5

ubuntu

почти 3 года назад

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

CVE-2022-35737

CVSS3: 5.9

redhat

почти 3 года назад

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

CVE-2022-35737

CVSS3: 7.5

nvd

почти 3 года назад

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

CVE-2022-35737

msrc

больше 1 года назад

MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow

RLSA-2023:0339

rocky

больше 2 лет назад

Moderate: sqlite security update

EPSS

Процентиль: 98%

0.65609

Средний