CVE-2024-0232

Name: CVE-2024-0232
Description: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
NVD Severity: unknown

References

Type | URI
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-0232
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2243754
secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | sqlite | >= None | < 3.43.2
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | sqlite | >= 3.43.0 | < 3.43.2

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
sqlite | 3.18-main | 3.41.2-r3 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable
sqlite | 3.17-main | 3.40.1-r1 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable
sqlite | 3.16-main | 3.40.1-r1 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable