SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

https://kb.cert.org/vuls/id/720344
https://www.sqlite.org/cves.html
https://sqlite.org/releaselog/3_39_2.html
https://security.netapp.com/advisory/ntap-20220915-0009/
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
https://security.gentoo.org/glsa/202210-40

Created mingw-sqlite tracking bugs for this issue:
Affects: fedora-all [bug 2110325]

Created qt5-qtwebengine tracking bugs for this issue:
Affects: epel-8 [bug 2110324]
Affects: fedora-all [bug 2110326]

Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 2110327]

Created sqlite2 tracking bugs for this issue:
Affects: epel-7 [bug 2110323]
Affects: fedora-all [bug 2110328]

Created tdlib tracking bugs for this issue:
Affects: fedora-all [bug 2110329]

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-35737

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:0110 https://access.redhat.com/errata/RHSA-2023:0110

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:0339 https://access.redhat.com/errata/RHSA-2023:0339

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0425 https://access.redhat.com/errata/RHSA-2024:0425