CVE-2023-7104

Summary

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

Affected Software

VendorProductVersion RangeStatus
SQLiteSQLite33.0affected
SQLiteSQLite33.1affected
SQLiteSQLite33.2affected
SQLiteSQLite33.3affected
SQLiteSQLite33.4affected
SQLiteSQLite33.5affected
SQLiteSQLite33.6affected
SQLiteSQLite33.7affected
SQLiteSQLite33.8affected
SQLiteSQLite33.9affected
SQLiteSQLite33.10affected
SQLiteSQLite33.11affected
SQLiteSQLite33.12affected
SQLiteSQLite33.13affected
SQLiteSQLite33.14affected
SQLiteSQLite33.15affected
SQLiteSQLite33.16affected
SQLiteSQLite33.17affected
SQLiteSQLite33.18affected
SQLiteSQLite33.19affected
SQLiteSQLite33.20affected
SQLiteSQLite33.21affected
SQLiteSQLite33.22affected
SQLiteSQLite33.23affected
SQLiteSQLite33.24affected
SQLiteSQLite33.25affected
SQLiteSQLite33.26affected
SQLiteSQLite33.27affected
SQLiteSQLite33.28affected
SQLiteSQLite33.29affected
SQLiteSQLite33.30affected
SQLiteSQLite33.31affected
SQLiteSQLite33.32affected
SQLiteSQLite33.33affected
SQLiteSQLite33.34affected
SQLiteSQLite33.35affected
SQLiteSQLite33.36affected
SQLiteSQLite33.37affected
SQLiteSQLite33.38affected
SQLiteSQLite33.39affected
SQLiteSQLite33.40affected
SQLiteSQLite33.41affected
SQLiteSQLite33.42affected
SQLiteSQLite33.43affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References