Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2022-2023-266

Related Vulnerabilities: CVE-2022-35737  

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. (CVE-2022-35737)

Source

ALAS2022-2023-266

Amazon Linux 2022 Security Advisory: ALAS-2023-266
Advisory Release Date: 2023-01-20 16:44 Pacific
Advisory Updated Date: 2023-01-24 21:23 Pacific
Severity: Important
References: CVE-2022-35737 
Issue Overview:

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. (CVE-2022-35737)


Affected Packages:

sqlite


Issue Correction:
Run dnf update sqlite to update your system.

New Packages:
aarch64:
    sqlite-debuginfo-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-analyzer-debuginfo-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-libs-debuginfo-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-tools-debuginfo-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-debugsource-3.40.0-1.amzn2022.0.1.aarch64
    lemon-debuginfo-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-tcl-debuginfo-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-tcl-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-devel-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-tools-3.40.0-1.amzn2022.0.1.aarch64
    lemon-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-analyzer-3.40.0-1.amzn2022.0.1.aarch64
    sqlite-libs-3.40.0-1.amzn2022.0.1.aarch64

i686:
    sqlite-debugsource-3.40.0-1.amzn2022.0.1.i686
    sqlite-analyzer-debuginfo-3.40.0-1.amzn2022.0.1.i686
    sqlite-debuginfo-3.40.0-1.amzn2022.0.1.i686
    sqlite-tools-debuginfo-3.40.0-1.amzn2022.0.1.i686
    sqlite-libs-debuginfo-3.40.0-1.amzn2022.0.1.i686
    sqlite-3.40.0-1.amzn2022.0.1.i686
    sqlite-tools-3.40.0-1.amzn2022.0.1.i686
    sqlite-libs-3.40.0-1.amzn2022.0.1.i686
    sqlite-analyzer-3.40.0-1.amzn2022.0.1.i686
    sqlite-devel-3.40.0-1.amzn2022.0.1.i686
    lemon-debuginfo-3.40.0-1.amzn2022.0.1.i686
    sqlite-tcl-debuginfo-3.40.0-1.amzn2022.0.1.i686
    lemon-3.40.0-1.amzn2022.0.1.i686
    sqlite-tcl-3.40.0-1.amzn2022.0.1.i686

noarch:
    sqlite-doc-3.40.0-1.amzn2022.0.1.noarch

src:
    sqlite-3.40.0-1.amzn2022.0.1.src

x86_64:
    lemon-debuginfo-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-tcl-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-debugsource-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-tools-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-libs-debuginfo-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-tcl-debuginfo-3.40.0-1.amzn2022.0.1.x86_64
    lemon-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-analyzer-debuginfo-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-tools-debuginfo-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-libs-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-devel-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-debuginfo-3.40.0-1.amzn2022.0.1.x86_64
    sqlite-analyzer-3.40.0-1.amzn2022.0.1.x86_64

Additional References

Red Hat: CVE-2022-35737

Mitre: CVE-2022-35737

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started