CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2024-0232 – Sqlite: use-after-free bug in jsonparseaddnodearray
https://notcve.org/view.php?id=CVE-2024-0232
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. Se identificó un problema de uso después de la liberación del montón en SQLite en la función jsonParseAddNodeArray() en sqlite3.c. Este fallo permite que un atacante local aproveche a una víctima para que pase entradas maliciosas especialmente manipuladas a la aplicación, lo que podría provocar un fallo y provocar una denegación de servicio. • https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7 https://security.netapp.com/advisory/ntap-20240315-0007 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.netapp.com/advisory/ntap-20240112-0008 https://sqlite.org/forum/forumpost/5bcbf4571c https://sqlite.org/src/info/0e4e7a05c4204b47 https://vuldb.com/?ctiid.248999 https://vuldb.com/?id.248999 https://access.redhat.com/security/cve/CVE-2023-7104 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-32697 – Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
https://notcve.org/view.php?id=CVE-2023-32697
SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. • https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2 https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-31239
https://notcve.org/view.php?id=CVE-2021-31239
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. • https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI https://security.gentoo.org/glsa/202311-03 https://security.netapp.com/advisory/ntap-20230609-0010 https://www.sqlite.org/cves.html https://www.sqlite.org/forum/forumpost/d9fce1a89b • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-46908
https://notcve.org/view.php?id=CVE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. SQLite hasta 3.40.0, cuando depende de --safe para la ejecución de un script CLI que no es de confianza, no implementa correctamente el mecanismo de protección azProhibitedFunctions y, en su lugar, permite funciones UDF como WRITEFILE. • https://news.ycombinator.com/item?id=33948588 https://security.gentoo.org/glsa/202311-03 https://security.netapp.com/advisory/ntap-20230203-0005 https://sqlite.org/forum/forumpost/07beac8056151b2f https://sqlite.org/src/info/cefc032473ac5ad2 •