Bug 2207557 (CVE-2021-31239)

Summary: CVE-2021-31239 sqlite: denial of service via the appendvfs.c function
Product: [Other] Security Response
Reporter: TEJ RATHI <trathi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: aoconnor, bdettelb, caswilli, databases-maint, dffrench, dkuc, fjansen, gzaronik, jburrell, jsherril, kaycoth, micjohns, mschorm, ngough, pkubat, praiskup, psegedy, rgodfrey, rh-spice-bugs, sthirugn, tcarlin, tkasparek, zmiklank
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: sqlite 3.36.0
Doc Text:
A vulnerability was found in SQLite, where a segmentation fault occurs when appendvfs attempts to open a non-existent file. This flaw allows a remote attacker to cause a denial of service.
Bug Depends On: 2207610, 2207611, 2207608, 2207609, 2207612, 2207614, 2207615, 2207616, 2207617, 2207618, 2207620, 2207621    
Bug Blocks: 2196502    

Description TEJ RATHI 2023-05-16 09:23:19 UTC
An issue was found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.

https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239
https://www.sqlite.org/forum/forumpost/d9fce1a89b
https://www.sqlite.org/cves.html

Comment 1 TEJ RATHI 2023-05-16 11:02:55 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2207609]
Affects: fedora-all [bug 2207612]


Created mingw-sqlite tracking bugs for this issue:

Affects: fedora-all [bug 2207614]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2207610]
Affects: fedora-all [bug 2207615]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2207616]


Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 2207608]


Created sqlite2 tracking bugs for this issue:

Affects: epel-all [bug 2207611]
Affects: fedora-all [bug 2207617]


Created tdlib tracking bugs for this issue:

Affects: fedora-all [bug 2207618]