Bug 2216936 (CVE-2023-36191) - CVE-2023-36191 sqlite: CLI fault on missing -nonce
Summary: CVE-2023-36191 sqlite: CLI fault on missing -nonce
Keywords:
Status: NEW
Alias: CVE-2023-36191
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2216940 2216941 2216943 2216944 2216945 2216946 2216938 2216939 2216942 2216947 2216948 2216949
Blocks: 2216951
Reported: 2023-06-23 10:30 UTC by TEJ RATHI
Modified: 2024-03-19 02:20 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A segmentation fault was discovered in SQLite. This issue exists due to a boundary error in /sqlite3_aflpp/shell.c, which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description TEJ RATHI 2023-06-23 10:30:15 UTC
sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.

https://www.sqlite.org/forum/forumpost/19f55ef73b
https://sqlite.org/src/info/cd24178bbaad4a1d

Comment 1 TEJ RATHI 2023-06-23 10:46:35 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2216939]
Affects: fedora-all [bug 2216942]


Created mingw-sqlite tracking bugs for this issue:

Affects: fedora-all [bug 2216943]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2216940]
Affects: fedora-all [bug 2216944]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2216945]


Created sqlite tracking bugs for this issue:

Affects: fedora-all [bug 2216938]


Created sqlite2 tracking bugs for this issue:

Affects: epel-all [bug 2216941]
Affects: fedora-all [bug 2216946]

