Bug 2207557 (CVE-2021-31239) - CVE-2021-31239 sqlite: denial of service via the appendvfs.c function
Summary: CVE-2021-31239 sqlite: denial of service via the appendvfs.c function
Status: NEW
Alias: CVE-2021-31239
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
Depends On: 2207610 2207611 2207614 2207615 2207616 2207617 2207618 2207608 2207609 2207612 2207620 2207621
Blocks: 2196502
Reported: 2023-05-16 09:23 UTC by TEJ RATHI
Modified: 2024-03-18 13:11 UTC (History)

Fixed In Version: sqlite 3.36.0
Doc Text:
A vulnerability was found in SQLite, where a segmentation fault occurs when appendvfs attempts to open a non-existent file. This flaw allows a remote attacker to cause a denial of service.

Description TEJ RATHI 2023-05-16 09:23:19 UTC
An issue was found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.

https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239
https://www.sqlite.org/forum/forumpost/d9fce1a89b
https://www.sqlite.org/cves.html

Comment 1 TEJ RATHI 2023-05-16 11:02:55 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2207609]
Affects: fedora-all [bug 2207612]


Created mingw-sqlite tracking bugs for this issue:

Affects: fedora-all [bug 2207614]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2207610]
Affects: fedora-all [bug 2207615]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2207616]


Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 2207608]


Created sqlite2 tracking bugs for this issue:

Affects: epel-all [bug 2207611]
Affects: fedora-all [bug 2207617]


Created tdlib tracking bugs for this issue:

Affects: fedora-all [bug 2207618]

