ALT-PU-2017-2119-1
Closed vulnerabilities
Published: 2017-07-07
BDU:2017-01674
Уязвимость функции getNodeSize системы управления базами данных SQLite, позволяющая нарушителю оказать другое воздействие
Severity: HIGH (7.5)
References:
Published: 2017-07-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-10989
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:1426
- openSUSE-SU-2019:1426
- http://marc.info/?l=sqlite-users&m=149933696214713&w=2
- http://marc.info/?l=sqlite-users&m=149933696214713&w=2
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- 99502
- 99502
- 1039427
- 1039427
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
- https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
- https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
- [debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update
- [debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update
- https://sqlite.org/src/info/66de6f4a
- https://sqlite.org/src/info/66de6f4a
- https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
- https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
- https://support.apple.com/HT208112
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://support.apple.com/HT208144
- USN-4019-1
- USN-4019-1
- USN-4019-2
- USN-4019-2