CVE-2023-7104
SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
Una vulnerabilidad fue encontrada en SQLite SQLite3 hasta 3.43.0 y clasificada como crítica. Este problema afecta la función sessionReadRecord del archivo ext/session/sqlite3session.c del componente make alltest Handler. La manipulación conduce a un desbordamiento de búfer de almacenamiento dinámico. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-248999.
Eine kritische Schwachstelle wurde in SQLite SQLite3 bis 3.43.0 gefunden. Hierbei geht es um die Funktion sessionReadRecord der Datei ext/session/sqlite3session.c der Komponente make alltest Handler. Durch die Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Als bestmögliche Massnahme wird Patching empfohlen.
A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-25 CVE Reserved
- 2023-12-25 CVE Published
- 2024-01-17 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (8)
URL | Date | SRC |
---|---|---|
https://sqlite.org/forum/forumpost/5bcbf4571c | 2024-08-02 |
URL | Date | SRC |
---|---|---|
https://sqlite.org/src/info/0e4e7a05c4204b47 | 2024-05-17 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-7104 | 2024-03-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2256194 | 2024-03-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sqlite Search vendor "Sqlite" | Sqlite Search vendor "Sqlite" for product "Sqlite" | <= 3.43.0 Search vendor "Sqlite" for product "Sqlite" and version " <= 3.43.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
|