CPANSA-DBD-SQLite-2017-10989: DBD-SQLite vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2017-07-07T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2017-07-07T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 9.8 | Severity | Critical |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
Vulnerabilities
CVE-2017-10989
Vulnerability DescriptionThe getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
| Weakness | CWE-125 : Out-of-bounds Read |
|---|
Product status
Known affected
| Product | Score | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DBD-SQLite equal 1.55_06 |
|
||||||||||||
| DBD-SQLite less than or equal 1.55_03 |
|
Fixed
- DBD-SQLite greater than or equal 1.55_07
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-DBD-SQLite-2017-10989 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2017/cpansa-dbd-sqlite-2017-10989.json - https://sqlite.org/src/info/66de6f4a external
https://sqlite.org/src/info/66de6f4a - https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937 external
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405 external
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405 - https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26 external
https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26 - http://marc.info/?l=sqlite-users&m=149933696214713&w=2 external
http://marc.info/?l=sqlite-users&m=149933696214713&w=2 - http://www.securityfocus.com/bid/99502 external
http://www.securityfocus.com/bid/99502 - http://www.securitytracker.com/id/1039427 external
http://www.securitytracker.com/id/1039427 - https://support.apple.com/HT208144 external
https://support.apple.com/HT208144 - https://support.apple.com/HT208115 external
https://support.apple.com/HT208115 - https://support.apple.com/HT208113 external
https://support.apple.com/HT208113 - https://support.apple.com/HT208112 external
https://support.apple.com/HT208112 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html external
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html external
https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html external
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html - https://usn.ubuntu.com/4019-1/ external
https://usn.ubuntu.com/4019-1/ - https://usn.ubuntu.com/4019-2/ external
https://usn.ubuntu.com/4019-2/ - CVE-2017-10989 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2017-10989
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Fri Jul 7 00:00:00 2017 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/