Описание
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service.
Отчет
This flaw did not affect the versions of SQLite as shipped with Red Hat Enterprise Linux 7 as they did not include support for the printf() function, which was introduced in a later version of the package.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | sqlite | Out of support scope | ||
| Red Hat Enterprise Linux 6 | sqlite | Out of support scope | ||
| Red Hat Enterprise Linux 7 | sqlite | Not affected | ||
| Red Hat Enterprise Linux 8 | sqlite | Fixed | RHSA-2021:1581 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | mingw-binutils | Fixed | RHSA-2021:1968 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | mingw-bzip2 | Fixed | RHSA-2021:1968 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | mingw-filesystem | Fixed | RHSA-2021:1968 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | mingw-sqlite | Fixed | RHSA-2021:1968 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | sqlite | Fixed | RHSA-2021:1581 | 18.05.2021 |
| Red Hat Openshift Data Foundation 4.19 | odf4/cephcsi-rhel9 | Fixed | RHSA-2025:16504 | 23.09.2025 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
5.5 Medium
CVSS3