SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
References
Link | Resource |
---|---|
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/ | Exploit Third Party Advisory |
https://kb.cert.org/vuls/id/720344 | Broken Link Third Party Advisory US Government Resource |
https://security.gentoo.org/glsa/202210-40 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220915-0009/ | Third Party Advisory |
https://sqlite.org/releaselog/3_39_2.html | Release Notes Vendor Advisory |
https://www.sqlite.org/cves.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-03T00:00:00
Updated: 2022-10-31T00:00:00
Reserved: 2022-07-13T00:00:00
Link: CVE-2022-35737
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-03T06:15:07.690
Modified: 2024-03-27T16:05:26.360
Link: CVE-2022-35737
JSON object: View
Redhat Information
No data.
CWE