Описание
Уязвимость компонента /sqlite3_aflpp/shell.c системы управления базами данных SQLite вызвана выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Вендор
Red Hat Inc.
Novell Inc.
Canonical Ltd.
Fedora Project
Hipp Wyrick Company Inc
Наименование ПО
Red Hat Enterprise Linux
Suse Linux Enterprise Desktop
SUSE Linux Enterprise Server for SAP Applications
Suse Linux Enterprise Server
Ubuntu
Fedora
SQLite
Версия ПО
6 (Red Hat Enterprise Linux)
7 (Red Hat Enterprise Linux)
12 SP3 (Suse Linux Enterprise Desktop)
12 SP4 (Suse Linux Enterprise Desktop)
12 SP2 (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (Suse Linux Enterprise Server)
12 SP4 (Suse Linux Enterprise Server)
8 (Red Hat Enterprise Linux)
12 SP2-BCL (Suse Linux Enterprise Server)
12 SP2-ESPOS (Suse Linux Enterprise Server)
11 SP4 (SUSE Linux Enterprise Server for SAP Applications)
12 SP1 (SUSE Linux Enterprise Server for SAP Applications)
15 (SUSE Linux Enterprise Server for SAP Applications)
15 SP1 (SUSE Linux Enterprise Server for SAP Applications)
12 SP1-LTSS (Suse Linux Enterprise Server)
12 SP2-LTSS (Suse Linux Enterprise Server)
12 SP3-BCL (Suse Linux Enterprise Server)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
12 SP3-ESPOS (Suse Linux Enterprise Server)
12 SP2 (Suse Linux Enterprise Server)
15-LTSS (Suse Linux Enterprise Server)
12 SP1 (Suse Linux Enterprise Desktop)
12 SP1 (Suse Linux Enterprise Server)
12 (SUSE Linux Enterprise Server for SAP Applications)
20.04 (Ubuntu)
12 SP4-ESPOS (Suse Linux Enterprise Server)
12 SP4-LTSS (Suse Linux Enterprise Server)
15 SP1-BCL (Suse Linux Enterprise Server)
15 SP1-LTSS (Suse Linux Enterprise Server)
15 SP1 (Suse Linux Enterprise Server)
15 SP2 LTSS (Suse Linux Enterprise Server)
15 SP3 (Suse Linux Enterprise Server)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
15 SP3 (Suse Linux Enterprise Desktop)
15 SP2 (Suse Linux Enterprise Server)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2 (Suse Linux Enterprise Desktop)
15 SP4 (Suse Linux Enterprise Desktop)
15 (Suse Linux Enterprise Server)
15 SP2-BCL (Suse Linux Enterprise Server)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
9 (Red Hat Enterprise Linux)
15 SP1 (Suse Linux Enterprise Desktop)
15 (Suse Linux Enterprise Desktop)
37 (Fedora)
15 SP3-LTSS (Suse Linux Enterprise Server)
38 (Fedora)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
3.40.1 (SQLite)
Тип ПО
Операционная система
СУБД
Операционные системы и аппаратные платформы
Novell Inc. Suse Linux Enterprise Desktop 12 SP3
Novell Inc. Suse Linux Enterprise Desktop 12 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Novell Inc. Suse Linux Enterprise Server 12 SP3
Novell Inc. Suse Linux Enterprise Server 12 SP4
Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1
Novell Inc. Suse Linux Enterprise Server 12 SP1-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS
Novell Inc. Suse Linux Enterprise Server 12 SP2
Novell Inc. Suse Linux Enterprise Server 15-LTSS
Novell Inc. Suse Linux Enterprise Desktop 12 SP1
Novell Inc. Suse Linux Enterprise Server 12 SP1
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12
Canonical Ltd. Ubuntu 20.04
Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS
Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL
Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP1
Novell Inc. Suse Linux Enterprise Server 15 SP2 LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. Suse Linux Enterprise Desktop 15 SP3
Novell Inc. Suse Linux Enterprise Server 15 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. Suse Linux Enterprise Desktop 15 SP2
Novell Inc. Suse Linux Enterprise Desktop 15 SP4
Novell Inc. Suse Linux Enterprise Server 15
Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Novell Inc. Suse Linux Enterprise Desktop 15 SP1
Novell Inc. Suse Linux Enterprise Desktop 15
Fedora Project Fedora 37
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Fedora Project Fedora 38
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
Уровень опасности уязвимости
Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,9)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 5,5)
Возможные меры по устранению уязвимости
Использование рекомендаций:
Для SQLite:
https://www.sqlite.org/forum/forumpost/19f
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2023-36191.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2023-36191
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Существует в открытом доступе
Информация об устранении
Уязвимость устранена
Ссылки на источники
Идентификаторы других систем описаний уязвимостей
- CVE
5.5 Medium
CVSS3
4.9 Medium
CVSS2
Связанные уязвимости
ubuntu
больше 2 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS3: 5.5
redhat
больше 2 лет назад
A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.
nvd
больше 2 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS3: 5.5
github
больше 2 лет назад
sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.
5.5 Medium
CVSS3
4.9 Medium
CVSS2