lSQLite3 is vulnerable to out of bound(OOB) reads. The component rtree Table Handler
in the function rtreenode()
does not properly handle invalid rtree tables, leading to OOB if the input is malicious.
CPE | Name | Operator | Version |
---|---|---|---|
sqlite3 | le | 3.27.2 | |
sqlite3:xenial | eq | 3.11.0-1ubuntu1 | |
sqlite | le | 3.13.0 |
lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html
kc.mcafee.com/corporate/index?page=content&id=SB10365
lists.fedoraproject.org/archives/list/[email protected]/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/
lists.fedoraproject.org/archives/list/[email protected]/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/
security.netapp.com/advisory/ntap-20190606-0002/
usn.ubuntu.com/4004-1/
usn.ubuntu.com/4004-2/
usn.ubuntu.com/4019-1/
usn.ubuntu.com/4019-2/
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
www.sqlite.org/releaselog/3_28_0.html
www.sqlite.org/src/info/90acdbfce9c08858