PT-2023-8333 · Sqlite+10 · Sqlite+10

Junwha Hong

Publicado

2023-12-25

Atualizado

2025-01-28

CVE-2023-7104

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SQLite versions up to 3.43.0

Description A critical issue affects the sessionReadRecord function of the file ext/session/sqlite3session.c, leading to a heap-based buffer overflow. This can be exploited by a remote attacker to impact confidentiality, integrity, and availability. The manipulation involves improper bounds checking, allowing a specially crafted request to overflow a buffer and potentially execute arbitrary code on the system.

Recommendations For SQLite versions up to 3.43.0, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the sessionReadRecord function until a patch is available.

Exploit

Correção

DoS

Buffer Overflow

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-122

Identificadores relacionados

ALSA-2024:0253

ALSA-2024:0465

ALT-PU-2024-2509

ALT-PU-2024-2614

AZL-32297

BDU:2024-00480

BIT-SQLITE-2023-7104

CESA-2024_0253

CVE-2023-7104

DLA-3907-1

INFSA-2024_0465

MGASA-2024-0073

OESA-2024-1058

OESA-2024-1063

RHSA-2024:0253

RHSA-2024:0465

RHSA-2024:0589

RHSA-2024:1081

RHSA-2024:1107

RHSA-2024_0253

RHSA-2024_0465

RLSA-2024:0253

ROSA-SA-2025-2667

USN-6566-1

USN-6566-2

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Sqlite

Ubuntu

PT-2023-8333 · Sqlite+10 · Sqlite+10

CVE-2023-7104

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 73