CVE-2017-10989 - OpenCVE

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sqlite	Sqlite

Configuration 1 [-]

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html
http://marc.info/?l=sqlite-users&m=149933696214713&w=2	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/99502	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039427
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405	Permissions Required
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
https://sqlite.org/src/info/66de6f4a	Issue Tracking Patch Vendor Advisory
https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26	Patch Vendor Advisory
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-07T12:00:00

Updated: 2019-06-19T19:06:05

Reserved: 2017-07-07T00:00:00

Link: CVE-2017-10989

JSON object: View

NVD Information

Status : Modified

Published: 2017-07-07T12:29:00.197

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-10989

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-19T19:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208144"}, {"name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"}, {"tags": ["x_refsource_MISC"], "url": "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405"}, {"tags": ["x_refsource_MISC"], "url": "https://sqlite.org/src/info/66de6f4a"}, {"name": "1039427", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039427"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208113"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208112"}, {"tags": ["x_refsource_MISC"], "url": "http://marc.info/?l=sqlite-users&m=149933696214713&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208115"}, {"name": "99502", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99502"}, {"name": "openSUSE-SU-2019:1426", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"}, {"name": "USN-4019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4019-1/"}, {"name": "USN-4019-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4019-2/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10989", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "https://support.apple.com/HT208144", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208144"}, {"name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"}, {"name": "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26", "refsource": "MISC", "url": "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26"}, {"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405"}, {"name": "https://sqlite.org/src/info/66de6f4a", "refsource": "MISC", "url": "https://sqlite.org/src/info/66de6f4a"}, {"name": "1039427", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039427"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937"}, {"name": "https://support.apple.com/HT208113", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208113"}, {"name": "https://support.apple.com/HT208112", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208112"}, {"name": "http://marc.info/?l=sqlite-users&m=149933696214713&w=2", "refsource": "MISC", "url": "http://marc.info/?l=sqlite-users&m=149933696214713&w=2"}, {"name": "https://support.apple.com/HT208115", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208115"}, {"name": "99502", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99502"}, {"name": "openSUSE-SU-2019:1426", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"}, {"name": "USN-4019-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4019-1/"}, {"name": "USN-4019-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4019-2/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10989", "datePublished": "2017-07-07T12:00:00", "dateReserved": "2017-07-07T00:00:00", "dateUpdated": "2019-06-19T19:06:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0D613CD-BB15-4C73-AC3C-3E43B3FB03B7", "versionEndIncluding": "3.19.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact."}, {"lang": "es", "value": "La funci\u00f3n getNodeSize en ext/rtree/rtree.c en SQLite, hasta la versi\u00f3n 3.19.3, como se utiliza en GDAL y otros productos, gestiona de manera incorrecta los blobs RTree que tienen un tama\u00f1o demasiado peque\u00f1o en una base de datos manipulada, lo que da lugar a una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) o, posiblemente, cause otro impacto no especificado."}], "id": "CVE-2017-10989", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-07T12:29:00.197", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://marc.info/?l=sqlite-users&m=149933696214713&w=2"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99502"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1039427"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://sqlite.org/src/info/66de6f4a"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208112"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208113"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208115"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208144"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4019-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4019-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}