Description
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of the C-language APIs provided by SQLite. This flaw allows a remote attacker to pass specially crafted large input to the application and perform a denial of service (DoS) attack.
Affected packages
Platform | Package | Status | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | sqlite | Out of support scope | | |
Red Hat Enterprise Linux 8 | sqlite | Fixed | RHSA-2023:0110 | 12.01.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | sqlite | Fixed | RHSA-2024:0425 | 25.01.2024 |
Red Hat Enterprise Linux 9 | sqlite | Fixed | RHSA-2023:0339 | 23.01.2023 |
Additional information
Status:
EPSS
CVSS3: 5.9 Medium