Описание
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.
Отчет
This vulnerability is rated as having a moderate impact because it affects a non-critical component, lacks details on an easy exploitation method, and doesn't indicate severe impacts (such as remote code execution). So the risk is reduced by exploitation complexity and the absence of a clear and severe threat.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | sqlite | Not affected | ||
| Red Hat Enterprise Linux 7 | sqlite | Not affected | ||
| Red Hat Enterprise Linux 8 | sqlite | Fixed | RHSA-2024:0253 | 15.01.2024 |
| Red Hat Enterprise Linux 8 | sqlite | Fixed | RHSA-2024:0253 | 15.01.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | sqlite | Fixed | RHSA-2024:1107 | 05.03.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | sqlite | Fixed | RHSA-2024:0589 | 30.01.2024 |
| Red Hat Enterprise Linux 9 | sqlite | Fixed | RHSA-2024:0465 | 25.01.2024 |
| Red Hat Enterprise Linux 9 | sqlite | Fixed | RHSA-2024:0465 | 25.01.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | sqlite | Fixed | RHSA-2024:1081 | 05.03.2024 |
| Red Hat OpenShift Container Platform 4.13 | openshift4-wincw/windows-machine-config-operator-bundle | Fixed | RHSA-2024:1477 | 25.03.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie ...
EPSS
7.3 High
CVSS3