CVE-2024-0232
Published: 2024-01-16
Severity: Medium, 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.43.2-1 (forky) | sqlite3 3.43.2-1 (forky) |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| ghost | sqlite3 | >= 0 < 3.43.2-1 | 3.43.2-1 |
| ghost | sqlite3 | >= 0 < 3.43.2-1 | 3.43.2-1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| sqlite | sqlite | >= 3.43.0 < 3.43.2 | 3.43.2 |
CVSS provenance
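| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | — | 5.5 | MEDIUM | — |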