SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
CVE-2023-7104

5.5MEDIUM

Key Information:

Vendor: Sqlite
Status: Sqlite3
Vendor: CVE Published:; 29 December 2023

What is CVE-2023-7104?

A vulnerability exists in SQLite3 that affects the sessionReadRecord function, specifically within the ext/session/sqlite3session.c file. This vulnerability results in a heap-based buffer overflow, which could be exploited to potentially compromise the security of systems using SQLite3 up to version 3.43.0. It is highly recommended for users to apply the relevant patches to mitigate this issue effectively. For further details, including technical descriptions and patches, consult the provided references.

Affected Version(s)

SQLite3 3.0

SQLite3 3.1

SQLite3 3.2

References

https://vuldb.com/?id.248999

vdb-entrytechnical-description

https://vuldb.com/?ctiid.248999

signaturepermissions-required

https://sqlite.org/forum/forumpost/5bcbf4571c

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2023
Vulnerability Reserved
Dec 25, 2023

Credit

Junwha Hong

Wonil Jang

qbit (VulDB User)