[SECURITY] [DSA 5373-1] node-sqlite3 security update

2023-03-1421:48:34

lists.debian.org

debian

sqlite3

node.js

security update

arbitrary code execution

bullseye distribution

package upgrade

security tracker

security advisory

mailing list

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Debian Security Advisory DSA-5373-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 14, 2023 https://www.debian.org/security/faq

Package : node-sqlite3
CVE ID : CVE-2022-43441

Dave McDaniel discovered that the SQLite3 bindings for Node.js were
susceptible to the execution of arbitrary JavaScript code if a binding
parameter is a crafted object.

For the stable distribution (bullseye), this problem has been fixed in
version 5.0.0+ds1-1+deb11u2.

We recommend that you upgrade your node-sqlite3 packages.

For the detailed security status of node-sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-sqlite3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11ppc64elnode-sqlite3-dbgsym< 5.0.0+ds1-1+deb11u2node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_ppc64el.deb
Debian11arm64node-sqlite3-dbgsym< 5.0.0+ds1-1+deb11u2node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_arm64.deb
Debian11mipselnode-sqlite3< 5.0.0+ds1-1+deb11u2node-sqlite3_5.0.0+ds1-1+deb11u2_mipsel.deb
Debian11arm64node-sqlite3< 5.0.0+ds1-1+deb11u2node-sqlite3_5.0.0+ds1-1+deb11u2_arm64.deb
Debian11ppc64elnode-sqlite3< 5.0.0+ds1-1+deb11u2node-sqlite3_5.0.0+ds1-1+deb11u2_ppc64el.deb
Debian11amd64node-sqlite3-dbgsym< 5.0.0+ds1-1+deb11u2node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_amd64.deb
Debian11mips64elnode-sqlite3< 5.0.0+ds1-1+deb11u2node-sqlite3_5.0.0+ds1-1+deb11u2_mips64el.deb
Debian11s390xnode-sqlite3-dbgsym< 5.0.0+ds1-1+deb11u2node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_s390x.deb
Debian11i386node-sqlite3< 5.0.0+ds1-1+deb11u2node-sqlite3_5.0.0+ds1-1+deb11u2_i386.deb
Debian11mipselnode-sqlite3-dbgsym< 5.0.0+ds1-1+deb11u2node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	ppc64el	node-sqlite3-dbgsym	< 5.0.0+ds1-1+deb11u2	node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_ppc64el.deb
Debian	11	arm64	node-sqlite3-dbgsym	< 5.0.0+ds1-1+deb11u2	node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_arm64.deb
Debian	11	mipsel	node-sqlite3	< 5.0.0+ds1-1+deb11u2	node-sqlite3_5.0.0+ds1-1+deb11u2_mipsel.deb
Debian	11	arm64	node-sqlite3	< 5.0.0+ds1-1+deb11u2	node-sqlite3_5.0.0+ds1-1+deb11u2_arm64.deb
Debian	11	ppc64el	node-sqlite3	< 5.0.0+ds1-1+deb11u2	node-sqlite3_5.0.0+ds1-1+deb11u2_ppc64el.deb
Debian	11	amd64	node-sqlite3-dbgsym	< 5.0.0+ds1-1+deb11u2	node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_amd64.deb
Debian	11	mips64el	node-sqlite3	< 5.0.0+ds1-1+deb11u2	node-sqlite3_5.0.0+ds1-1+deb11u2_mips64el.deb
Debian	11	s390x	node-sqlite3-dbgsym	< 5.0.0+ds1-1+deb11u2	node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_s390x.deb
Debian	11	i386	node-sqlite3	< 5.0.0+ds1-1+deb11u2	node-sqlite3_5.0.0+ds1-1+deb11u2_i386.deb
Debian	11	mipsel	node-sqlite3-dbgsym	< 5.0.0+ds1-1+deb11u2	node-sqlite3-dbgsym_5.0.0+ds1-1+deb11u2_mipsel.deb