CVE-2024-0232 — Use After Free in Sqlite

CWE-416 — Use After Free9 documents7 sources

Severity

5.5MEDIUMNVD

CNA4.7

EPSS

0.0%

top 95.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ghost Sqlite3 Sqlite Fedoraproject Extra Packages FOR Enterprise Linux +2 more

Timeline

PublishedJan 16

Latest updateJan 15

Description

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianghost/sqlite3< 3.43.2-1+1

▶NVDsqlite/sqlite3.43.0 — 3.43.2

▶NVDfedoraproject/extra_packages8.0

Also affects: Fedora 39, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-3r49-2w65-cxgr: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3↗2024-01-16

▶

CVEList

Sqlite: use-after-free bug in jsonparseaddnodearray↗2024-01-16

▶

OSV

CVE-2024-0232: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3↗2024-01-16

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Applications Risk Matrix: Security (SQLite) — CVE-2024-0232↗2025-01-15

▶

Oracle

Oracle Oracle Financial Services Applications Risk Matrix: Reports (SQLite) — CVE-2024-0232↗2024-10-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Common fns (SQLite) — CVE-2024-0232↗2024-07-15

▶

Debian

CVE-2024-0232: sqlite3 - A heap use-after-free issue has been identified in SQLite in the jsonParseAddNod...↗2024

▶

Red Hat

sqlite: use-after-free bug in jsonParseAddNodeArray↗2023-10-12

▶