PT-2022-6940 · V8+1

Cristian-Alexandru Staicu · Published 2022-04-28 · Updated 2022-05-11 · CVE-2022-21227

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: sqlite3 versions 5.0.0 through 5.0.2

Description: The issue is an uncontrolled resource consumption in the V8 component of the SQLite database management system, which can lead to a Denial of Service (DoS). Supplying a specific object in the parameter array crashes the application; the error cannot be caught and results in a fatal error. The toString function of the passed parameter is invoked, and if an invalid Function object is passed, it throws and crashes the V8 engine.

Recommendations: For versions 5.0.0, 5.0.1, and 5.0.2, upgrade to version 5.0.3 or later to resolve the issue. As a temporary workaround, ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.
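The workaround above asks the parent application to sanitize binding parameters before they reach the sqlite3 module. The following is an added example of such a check, written for this page; it is not code from the advisory or from the sqlite3 project. It assumes a plain allow-list of value types (null, undefined, boolean, number, bigint, string, Buffer/Uint8Array, Date) chosen for this example, and a hypothetical `runChecked` wrapper around an object exposing a node-style `db.run(sql, params, callback)` method. The key property is that the validator decides on `typeof` and `instanceof` alone and never calls `toString()` on an untrusted value, so a hostile object is turned into an ordinary, catchable error instead of a fatal engine crash.

```javascript
// Added example (not code from the advisory or from the sqlite3 project):
// validate bind parameters in the parent application before they reach the
// database layer, so an object whose toString() throws is rejected with a
// catchable error instead of being handed to the engine.
//
// Assumption: the allow-list of safe value types below is this example's own
// choice, not a list taken from the advisory.
const SAFE_PRIMITIVES = new Set(['boolean', 'number', 'bigint', 'string', 'undefined']);

class BindParamError extends Error {
  constructor(index, reason) {
    super(`bind parameter ${index}: ${reason}`);
    this.name = 'BindParamError';
    this.index = index;
  }
}

// Decide using typeof / instanceof only; never invoke toString() on an
// unknown object, since that is exactly the call the advisory describes.
function isSafeBindValue(value) {
  if (value === null) return true;
  const t = typeof value;
  if (SAFE_PRIMITIVES.has(t)) return true;
  if (t === 'object') {
    if (Buffer.isBuffer(value) || value instanceof Uint8Array) return true;
    if (value instanceof Date && !Number.isNaN(value.getTime())) return true;
  }
  // Functions and arbitrary objects (including ones with a custom toString) are rejected.
  return false;
}

function sanitizeBindParams(params) {
  if (!Array.isArray(params)) throw new BindParamError(-1, 'parameters must be an array');
  return params.map((value, i) => {
    if (!isSafeBindValue(value)) {
      const kind = value === null ? 'null' : typeof value;
      throw new BindParamError(i, `unsupported value of type ${kind}`);
    }
    // Copy binary data so the caller cannot mutate it after validation.
    return Buffer.isBuffer(value) || value instanceof Uint8Array ? Buffer.from(value) : value;
  });
}

// Hypothetical wrapper: validate first, then pass the checked array to db.run.
// Validation failures are reported through the normal callback path.
function runChecked(db, sql, params, callback) {
  let checked;
  try {
    checked = sanitizeBindParams(params);
  } catch (err) {
    return callback(err);
  }
  return db.run(sql, checked, callback);
}

// Constructed sample input: an object whose toString() throws, of the kind
// the advisory describes, alongside ordinary values.
const hostile = { toString() { throw new TypeError('boom'); } };

function demo() {
  const ok = sanitizeBindParams([1, 'alice', null, Buffer.from('x'), new Date(0)]);
  let rejected = null;
  try {
    sanitizeBindParams([1, hostile]);
  } catch (e) {
    rejected = e;
  }
  return {
    okCount: ok.length,
    rejectedIndex: rejected && rejected.index,
    rejectedName: rejected && rejected.name,
  };
}
```

In an application, `runChecked` (or the same validation placed in front of `db.all` / `db.get` / prepared statements) gives the code a single point where every value bound to a query is type-checked; values that legitimately need conversion (for example, a domain object) should be converted explicitly by the caller into one of the allowed types rather than relying on the driver to stringify them.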

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2023-05687
CVE-2022-21227
GHSA-9QRH-QJMC-5W2P
SNYK-JAVA-ORGWEBJARSNPM-2805470
SNYK-JS-SQLITE3-2388645

Affected Products

V8
Sqlite3