CVE-2024-0232

Updated: 2024-03-15 20:21:54.401135

Description:

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU sqlite 3.34.1 5.5 MEDIUM Ignored 2024-01-25 08:42:34
CentOS 6 ELS sqlite 3.6.20 5.5 MEDIUM Ignored 2024-01-25 08:42:56
CentOS 7 ELS sqlite 3.7.17 5.5 MEDIUM Ignored 2024-01-25 08:42:47
CentOS 8.4 ELS sqlite 3.26.0 5.5 MEDIUM Ignored 2024-01-25 08:42:56
CentOS 8.5 ELS sqlite 3.26.0 5.5 MEDIUM Ignored 2024-01-25 08:42:55
CentOS Stream 8 ELS sqlite 3.26.0 5.5 MEDIUM Ignored 2024-05-10 10:14:40
CloudLinux 6 ELS sqlite 3.6.20 5.5 MEDIUM Ignored 2024-01-25 08:42:44
Oracle Linux 6 ELS sqlite 3.6.20 5.5 MEDIUM Ignored 2024-01-25 08:42:44
Ubuntu 16.04 ELS sqlite3 3.11.0 5.5 MEDIUM Ignored 2024-01-25 08:42:48
Ubuntu 18.04 ELS sqlite3 3.22.0-1 5.5 MEDIUM Ignored 2024-01-25 08:42:44