Description
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Statement
The SQLite package as shipped with Red Hat Enterprise Linux 7 and previous versions is not affected by this flaw. The bug was introduced in sqlite-3.8.5, while Red Hat Enterprise Linux 7 and previous releases ship sqlite <= 3.7.17.
Mitigation
A user can mitigate the risk of this vulnerability by:
- Avoiding use of the ANALYZE command on queries;
- Disabling PRAGMA optimize for affected SQLite instances.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | sqlite | Not affected | | |
Red Hat Enterprise Linux 6 | sqlite | Not affected | | |
Red Hat Enterprise Linux 7 | sqlite | Not affected | | |
Red Hat Enterprise Linux 8 | sqlite | Fixed | RHSA-2020:4442 | 04.11.2020 |
Red Hat Enterprise Linux 8 | mingw-binutils | Fixed | RHSA-2021:1968 | 18.05.2021 |
Red Hat Enterprise Linux 8 | mingw-bzip2 | Fixed | RHSA-2021:1968 | 18.05.2021 |
Red Hat Enterprise Linux 8 | mingw-filesystem | Fixed | RHSA-2021:1968 | 18.05.2021 |
Red Hat Enterprise Linux 8 | mingw-sqlite | Fixed | RHSA-2021:1968 | 18.05.2021 |
Additional information
Status:
CVSS3: 6.5 Medium