Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2017-10989

Published: 07/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Sqlite

Vulnerability Summary

The getNodeSize function in ext/rtree/rtree.c in SQLite up to and including 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sqlite sqlite

Vendor Advisories

Debian CVElist Bug Report Logs: sqlite3: CVE-2017-10989
Debian Bug report logs - #867618 sqlite3: CVE-2017-10989 Package: src:sqlite3; Maintainer for src:sqlite3 is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Jul 2017 19:57:08 UTC Severity: important Tags: patch, security, upstream Found in version sqlite ...
Ubuntu Security Notice: sqlite3 vulnerabilities
Several security issues were fixed in SQLite ...
Ubuntu Security Notice: sqlite3 vulnerabilities
Several security issues were fixed in SQLite ...
Red Hat: CVE-2017-10989
The getNodeSize function in ext/rtree/rtreec in SQLite through 3193, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact ...

References

CWE-125https://sqlite.org/src/info/66de6f4ahttps://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26http://marc.info/?l=sqlite-users&m=149933696214713&w=2http://www.securityfocus.com/bid/99502http://www.securitytracker.com/id/1039427https://support.apple.com/HT208144https://support.apple.com/HT208115https://support.apple.com/HT208113https://support.apple.com/HT208112http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://lists.debian.org/debian-lts-announce/2019/01/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.htmlhttps://usn.ubuntu.com/4019-1/https://usn.ubuntu.com/4019-2/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867618https://nvd.nist.govhttps://usn.ubuntu.com/4019-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook