CVE-2025-29087

Published: 07 Apr 2025
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.
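
A simplified model of the size calculation described above, added here to illustrate CWE-190; it is not taken from SQLite's source. The function names, the 16-bit argument count and the 1,000,000,000-byte cap are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed cap on the result size for this example (not a value from the page). */
#define MAX_RESULT_BYTES 1000000000LL

/* Unchecked: bytes needed to join n_args strings of arg_len bytes with a
 * sep_len-byte separator, plus a terminator, computed in 32 bits.
 * Unsigned types model the wraparound without undefined behaviour. */
uint32_t joined_size_unchecked(uint16_t n_args, uint32_t arg_len, uint32_t sep_len)
{
    if (n_args == 0) return 1;
    return (uint32_t)n_args * arg_len + (uint32_t)(n_args - 1) * sep_len + 1u;
}

/* Checked: the same sum in 64 bits, refused when it exceeds the cap.
 * n_args is 16-bit, so each product stays far below INT64_MAX. */
int joined_size_checked(uint16_t n_args, uint32_t arg_len, uint32_t sep_len,
                        int64_t *out)
{
    int64_t total = 1;
    if (n_args > 0) {
        total += (int64_t)n_args * arg_len;
        total += (int64_t)(n_args - 1) * sep_len;
    }
    if (total > MAX_RESULT_BYTES) return -1;  /* caller reports "too big" */
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed inputs, chosen so the 32-bit sum wraps in this model:
     * a 2 MiB separator between 2049 one-byte arguments. */
    uint32_t sep = 2u * 1024u * 1024u;
    int64_t need = 0;

    printf("unchecked: %u bytes\n",
           (unsigned)joined_size_unchecked(2049, 1, sep));
    if (joined_size_checked(2049, 1, sep, &need) != 0)
        puts("checked: rejected, result too large");
    return 0;
}
```

The unchecked function reports a buffer of a few kilobytes for a result that needs more than 4 GiB, which is the gap between allocation and write that the description refers to; the checked variant fails the call before any allocation happens.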

Report

The severity of this vulnerability is rated as Moderate, despite the potential for a severe outcome in unrestricted environments, primarily due to the limited impact observed within typical product deployments and the strong defense layers in regulated systems. The underlying flaw is a software error identified as CWE-190: Integer Overflow or Wraparound, which, when triggered, can corrupt memory and potentially lead to a complete compromise of system availability. However, a critical factor in the Moderate rating is that Red Hat’s product impact assessment determined that the vulnerability is limited to a Denial of Service (DoS) outcome, preventing Confidentiality or Integrity compromise. Furthermore, regulated environments introduce multiple significant barriers: process isolation ensures that any memory corruption is contained within the single affected process; least functionality reduces the initial attack surface; and layered memory protection mechanisms like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance system resilience against memory manipulation attacks. These controls collectively make successful exploitation difficult, contain the damage to a service crash, and justify the Moderate rating instead of the upstream High score.

RHEL/UBI 9 ships SQLite version 3.34.1, which is not affected by this CVE. This vulnerability only exists in SQLite versions 3.44.0 through 3.49.0.

Red Hat evaluated the vulnerability according to our standard product impact assessment criteria and determined that the issue does not meet the threshold for a High severity rating. Although the upstream advisory scored the issue as High based on potential impact, exploitation requires specific conditions and is limited in scope within Red Hat products. Even if triggered, the vulnerability is limited to a denial-of-service outcome rather than remote code execution or compromise of confidentiality or integrity. For this reason, Red Hat assigned a Moderate severity rating.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | sqlite | Fix deferred | | |
| Red Hat Enterprise Linux 6 | sqlite | Out of support scope | | |
| Red Hat Enterprise Linux 7 | sqlite | Out of support scope | | |
| Red Hat Enterprise Linux 8 | mingw-sqlite | Not affected | | |
| Red Hat Enterprise Linux 8 | nodejs:22/nodejs | Fix deferred | | |
| Red Hat Enterprise Linux 8 | rust-toolset:rhel8/rust | Fix deferred | | |
| Red Hat Enterprise Linux 8 | sqlite | Not affected | | |
| Red Hat Enterprise Linux 9 | nodejs:22/nodejs | Fix deferred | | |
| Red Hat Enterprise Linux 9 | rust | Fix deferred | | |
| Red Hat Enterprise Linux 9 | sqlite | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2358028 (sqlite: Integer Overflow in SQLite concat_ws Function)

EPSS

Percentile: 44%
0.00218
Low

CVSS3: 5.5 Medium

Related vulnerabilities

ubuntu (CVSS3: 3.2, 12 months ago)

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

nvd (CVSS3: 3.2, 12 months ago)

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

msrc (7 months ago)

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

debian (CVSS3: 3.2, 12 months ago)

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL fun ...

github (CVSS3: 9.8, 12 months ago)

Sqlite 3.49.0 is susceptible to integer overflow through the concat function.
