CVE-2022-35737

Name: CVE-2022-35737
Description: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
NVD Severity: medium

References

| Type | URI |
|------|-----|
| MISC | https://kb.cert.org/vuls/id/720344 |
| MISC | https://www.sqlite.org/cves.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | sqlite | >= 1.0.12 | < 3.39.2 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| sqlite | 3.16-main | 3.38.5-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| sqlite | 3.15-main | 3.36.0-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | fixed |
| sqlite | 3.14-main | 3.35.5-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |
| sqlite | 3.13-main | 3.34.1-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable |