SUSE-SU-2025:1455-1

Published: 07 May 2025
Source: suse-cvrf

Description

Security update for sqlite3

This update for sqlite3 fixes the following issues:

  • CVE-2025-3277, CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020)
  • CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)

Other fixes:

  • Updated to version 3.49.1 from Factory (jsc#SLE-16032)

Package list

Image SLES12-SP5-Azure-BYOS
libsqlite3-0-3.49.1-9.33.1
sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-BYOS
libsqlite3-0-3.49.1-9.33.1
sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-On-Demand
libsqlite3-0-3.49.1-9.33.1
sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-SAP-BYOS
libsqlite3-0-3.49.1-9.33.1
sqlite3-3.49.1-9.33.1
sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-SAP-On-Demand
libsqlite3-0-3.49.1-9.33.1
sqlite3-3.49.1-9.33.1
sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-Standard-On-Demand
libsqlite3-0-3.49.1-9.33.1
sqlite3-tcl-3.49.1-9.33.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libsqlite3-0-3.49.1-9.33.1
libsqlite3-0-32bit-3.49.1-9.33.1
sqlite3-3.49.1-9.33.1
sqlite3-devel-3.49.1-9.33.1
sqlite3-tcl-3.49.1-9.33.1

Description

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.


Affected products
Image SLES12-SP5-Azure-BYOS:libsqlite3-0-3.49.1-9.33.1
Image SLES12-SP5-Azure-BYOS:sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-BYOS:libsqlite3-0-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-BYOS:sqlite3-tcl-3.49.1-9.33.1


Description

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.


Affected products
Image SLES12-SP5-Azure-BYOS:libsqlite3-0-3.49.1-9.33.1
Image SLES12-SP5-Azure-BYOS:sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-BYOS:libsqlite3-0-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-BYOS:sqlite3-tcl-3.49.1-9.33.1


Description

An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
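
The pattern shared by the descriptions above (a size product computed in 32 bits, used for allocation, then filled using the untruncated size) as an added illustration in C. This is not SQLite source code; the function names, the count of 2049 and the 1 GB cap are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative helpers with hypothetical names; this is not SQLite source. */

/* Size as 32-bit arithmetic sees it: the true product reduced modulo 2^32.
 * Unsigned wrap-around is well defined in C, so this models the truncation
 * without relying on undefined signed overflow. */
static uint32_t size_truncated32(uint32_t count, uint32_t len) {
    return count * len;
}

/* True size, computed after widening both operands to 64 bits. */
static uint64_t size_true64(uint32_t count, uint32_t len) {
    return (uint64_t)count * (uint64_t)len;
}

/* Bytes a writer would place past the end of a buffer that was allocated
 * with the truncated size but filled using the true size. */
static uint64_t overflow_gap(uint32_t count, uint32_t len) {
    return size_true64(count, len) - size_truncated32(count, len);
}

/* Hardened form: widen first, then reject anything above a caller-chosen
 * cap before it reaches malloc(). Returns 0 and stores the size on success,
 * -1 if the request must be refused. */
static int size_checked(uint32_t count, uint32_t len, uint64_t cap, size_t *out) {
    uint64_t total = size_true64(count, len);
    if (total > cap || total > SIZE_MAX) return -1;
    *out = (size_t)total;
    return 0;
}

int main(void) {
    const uint32_t len = 2u * 1024u * 1024u; /* 2 MiB, the size the advisory cites */
    const uint32_t count = 2049u;            /* constructed sample value */
    const uint64_t cap = 1000000000u;        /* constructed 1 GB limit */
    size_t n = 0;
    printf("true=%llu truncated=%lu gap=%llu\n",
           (unsigned long long)size_true64(count, len),
           (unsigned long)size_truncated32(count, len),
           (unsigned long long)overflow_gap(count, len));
    printf("checked: %s\n", size_checked(count, len, cap, &n) == 0 ? "ok" : "rejected");
    return 0;
}
```

With these sample values the truncated size is 2 MiB while the true size is 4 GiB larger, which matches the "~4GB" overflow the description mentions.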


Affected products
Image SLES12-SP5-Azure-BYOS:libsqlite3-0-3.49.1-9.33.1
Image SLES12-SP5-Azure-BYOS:sqlite3-tcl-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-BYOS:libsqlite3-0-3.49.1-9.33.1
Image SLES12-SP5-Azure-HPC-BYOS:sqlite3-tcl-3.49.1-9.33.1

References
Vulnerability SUSE-SU-2025:1455-1