security-tracker.debian.org
2a04:4e42:77::644  Public Scan

URL: https://security-tracker.debian.org/tracker/CVE-2024-0232
Submission: On September 20 via api from US — Scanned from US

Form analysis 1 forms found in the DOM

GET /tracker/

<form method="get" id="searchform" action="/tracker/">Search for package or bug name: <input type="text" name="query" onkeyup="onSearch(this.value)" onmousemove="onSearch(this.value)"><input type="submit" value="Go">
  <a href="/tracker/data/report">Reporting problems</a></form>

Text Content

CVE-2024-0232

Name: CVE-2024-0232

Description: A heap use-after-free issue has been identified in
SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a
local attacker to leverage a victim to pass specially crafted malicious input to
the application, potentially causing a crash and leading to a denial of
service.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu,
Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)


VULNERABLE AND FIXED PACKAGES

The table below lists information on source packages.

Source Package   Release    Version     Status
sqlite3 (PTS)    bullseye   3.34.1-3    fixed
                 bookworm   3.40.1-2    vulnerable
                 trixie     3.46.0-1    fixed
                 sid        3.46.1-1    fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version    Urgency   Origin   Debian Bugs
sqlite3   source   buster       (not affected)
sqlite3   source   bullseye     (not affected)
sqlite3   source   (unstable)   3.43.2-1


NOTES

[bookworm] - sqlite3 <no-dsa> (Minor issue)
[bullseye] - sqlite3 <not-affected> (Vulnerable code not present)
[buster] - sqlite3 <not-affected> (Vulnerable code not present)
https://bugzilla.redhat.com/show_bug.cgi?id=2243754
https://sqlite.org/forum/forumpost/4aa381993a
https://sqlite.org/forum/forumpost/b25edc1d46
https://sqlite.org/src/info/a163fecca90cab9d (v3.43.2)

