PT-2023-4471 · Sqlite3+1 · Sqlite3+1

Bytsiming

Publicado

2021-04-21

Atualizado

2024-03-06

CVE-2021-31239

CVSS v2.0

9.4

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions SQLite3 version 3.35.4

Description The issue in the appendvfs.c component of the SQLite database management system is related to reading beyond the valid boundaries of a data buffer. This can be exploited by a remote attacker to cause a denial of service. The appendvfs.c function is specifically mentioned as the vulnerable component.

Recommendations For SQLite3 version 3.35.4, consider disabling the appendvfs.c function as a temporary workaround to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2021-1689

BDU:2023-04866

BIT-SQLITE-2021-31239

CVE-2021-31239

Produtos afetados

Alt Linux

Sqlite3

PT-2023-4471 · Sqlite3+1 · Sqlite3+1

CVE-2021-31239

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27