PT-2017-2464 · Sqlite+3 · Sqlite+3

Publicado

2017-07-07

Atualizado

2021-09-23

CVE-2017-10989

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.19.4

Description The issue is related to the getNodeSize function in SQLite, which mishandles undersized RTree blobs in a crafted database. This can lead to a heap-based buffer over-read or possibly other unspecified impacts. The vulnerability is caused by a buffer overflow in memory, allowing a remote attacker to potentially exploit it by using reduced-size RTree blobs in a created database.

Recommendations For SQLite versions prior to 3.19.4, update to version 3.19.4 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted databases that may contain undersized RTree blobs to minimize the risk of exploitation.

Correção

Out of bounds Read

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-119

Identificadores relacionados

ALT-PU-2017-2119

BDU:2017-01674

CVE-2017-10989

DLA-1018-1

DLA-1633-1

MGASA-2017-0238

OPENSUSE-SU-2019_1426-1

SUSE-SU-2019:1208-1

SUSE-SU-2019:1522-1

SUSE-SU-2019_1208-1

SUSE-SU-2019_1522-1

SUSE-SU-2021:3215-1

USN-4019-1

USN-4019-2

Produtos afetados

Alt Linux

Sqlite

Suse

Ubuntu

PT-2017-2464 · Sqlite+3 · Sqlite+3

CVE-2017-10989

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 148