CVE-2013-7443 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Sqlite

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents10 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ghost Sqlite3 Canonical Ubuntu Linux Sqlite

Timeline

PublishedAug 12

Latest updateMay 17

Description

Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianghost/sqlite3< 3.8.3-1+3

▶Ubuntughost/sqlite3< 3.8.2-1ubuntu2.1

▶NVDsqlite/sqlite3.8.2

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-9ggj-hfcr-7pgp: Buffer overflow in the skip-scan optimization in SQLite 3↗2022-05-17

▶

CVEList

CVE-2013-7443: Buffer overflow in the skip-scan optimization in SQLite 3↗2015-08-12

▶

OSV

CVE-2013-7443: Buffer overflow in the skip-scan optimization in SQLite 3↗2015-08-12

▶

OSV

sqlite3 vulnerabilities↗2015-07-30

▶

💥Exploits & PoCs

Exploit-DB

PineApp MailSecure - Remote Command Execution↗2013-11-20

▶

📋Vendor Advisories

Apple

CVE-2013-7443: iTunes 12.6 for Windows↗2017-03-21

▶

Apple

CVE-2013-7443: iTunes 12.6↗2017-03-21

▶

Ubuntu

SQLite vulnerabilities↗2015-07-30

▶

Red Hat

sqlite: array overrun in the skip-scan optimization leading to memory corruption (DoS)↗2013-12-22

▶

Debian

CVE-2013-7443: sqlite3 - Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote atta...↗2013

▶

💬Community

Bugzilla

CVE-2013-7443 sqlite: array overrun in the skip-scan optimization leading to memory corruption (DoS) [fedora-all]↗2015-07-15

▶

Bugzilla

CVE-2013-7443 sqlite: array overrun in the skip-scan optimization leading to memory corruption (DoS)↗2015-07-15

▶