PT-2023-8333 · Sqlite+10

Junwha Hong +2 · Published 2023-12-25 · Updated 2025-01-28 · CVE-2023-7104

CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SQLite versions up to 3.43.0

Description: A critical issue affects the sessionReadRecord function in the file ext/session/sqlite3session.c, leading to a heap-based buffer overflow. This can be exploited by a remote attacker to impact confidentiality, integrity, and availability. The root cause is improper bounds checking, which allows a specially crafted request to overflow a buffer and potentially execute arbitrary code on the system.

Recommendations: For SQLite versions up to 3.43.0, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the sessionReadRecord function until a patch is available.

Exploit · Fix · Heap Based Buffer Overflow · Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:0253
ALSA-2024:0465
ALT-PU-2024-2509
ALT-PU-2024-2614
AZL-32297
BDU:2024-00480
BIT-SQLITE-2023-7104
CESA-2024_0253
CVE-2023-7104
DLA-3907-1
INFSA-2024_0465
MGASA-2024-0073
OESA-2024-1058
OESA-2024-1063
RHSA-2024:0253
RHSA-2024:0465
RHSA-2024:0589
RHSA-2024:1081
RHSA-2024:1107
RHSA-2024_0253
RHSA-2024_0465
RLSA-2024:0253
ROSA-SA-2025-2667
USN-6566-1
USN-6566-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Sqlite
Ubuntu