Vulnerabilities related to SQLite - SQLite3
cve-2023-7104
Vulnerability from cvelistv5
Published
2023-12-25 21:00
Modified
2025-02-13 17:27
Severity
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
References
Impacted products
Vendor | Product | Version
---|---|---
SQLite | SQLite3 | 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, 3.24, 3.25, 3.26, 3.27, 3.28, 3.29, 3.30, 3.31, 3.32, 3.33, 3.34, 3.35, 3.36, 3.37, 3.38, 3.39, 3.40, 3.41, 3.42, 3.43
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:50:08.189Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.248999", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.248999", }, { tags: [ "related", "x_transferred", ], url: "https://sqlite.org/forum/forumpost/5bcbf4571c", }, { tags: [ "patch", "x_transferred", ], url: "https://sqlite.org/src/info/0e4e7a05c4204b47", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240112-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "make alltest Handler", ], product: "SQLite3", vendor: "SQLite", versions: [ { status: "affected", version: "3.0", }, { status: "affected", version: "3.1", }, { status: "affected", version: "3.2", }, { status: "affected", version: "3.3", }, { status: "affected", version: "3.4", }, { status: "affected", version: "3.5", }, { status: "affected", version: "3.6", }, { status: "affected", version: "3.7", }, { status: "affected", version: "3.8", }, { status: "affected", version: "3.9", }, { status: "affected", version: "3.10", }, { status: "affected", version: "3.11", }, { status: "affected", version: "3.12", }, { status: "affected", version: "3.13", }, { status: "affected", version: "3.14", }, { status: "affected", version: "3.15", }, { status: "affected", version: "3.16", }, { status: "affected", version: "3.17", }, { status: "affected", version: "3.18", }, { status: "affected", version: "3.19", }, { 
status: "affected", version: "3.20", }, { status: "affected", version: "3.21", }, { status: "affected", version: "3.22", }, { status: "affected", version: "3.23", }, { status: "affected", version: "3.24", }, { status: "affected", version: "3.25", }, { status: "affected", version: "3.26", }, { status: "affected", version: "3.27", }, { status: "affected", version: "3.28", }, { status: "affected", version: "3.29", }, { status: "affected", version: "3.30", }, { status: "affected", version: "3.31", }, { status: "affected", version: "3.32", }, { status: "affected", version: "3.33", }, { status: "affected", version: "3.34", }, { status: "affected", version: "3.35", }, { status: "affected", version: "3.36", }, { status: "affected", version: "3.37", }, { status: "affected", version: "3.38", }, { status: "affected", version: "3.39", }, { status: "affected", version: "3.40", }, { status: "affected", version: "3.41", }, { status: "affected", version: "3.42", }, { status: "affected", version: "3.43", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Junwha Hong", }, { lang: "en", type: "finder", value: "Wonil Jang", }, { lang: "en", type: "analyst", value: "qbit (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", }, { lang: "de", value: "Eine kritische Schwachstelle wurde in SQLite SQLite3 bis 3.43.0 gefunden. Hierbei geht es um die Funktion sessionReadRecord der Datei ext/session/sqlite3session.c der Komponente make alltest Handler. Durch die Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. 
Als bestmögliche Massnahme wird Patching empfohlen.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 5.2, vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-12T14:06:21.135Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.248999", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.248999", }, { tags: [ "related", ], url: "https://sqlite.org/forum/forumpost/5bcbf4571c", }, { tags: [ "patch", ], url: "https://sqlite.org/src/info/0e4e7a05c4204b47", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", }, { url: "https://security.netapp.com/advisory/ntap-20240112-0008/", }, ], timeline: [ { lang: "en", time: "2023-12-25T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2023-12-25T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2023-12-29T10:49:22.000Z", value: "VulDB entry last update", }, ], title: "SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2023-7104", datePublished: "2023-12-25T21:00:05.997Z", dateReserved: "2023-12-25T14:00:48.991Z", 
dateUpdated: "2025-02-13T17:27:03.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }