SQLite 3.43.0 heap-based overflow in sessionReadRecord (critical): CVE-2023-7104 December 2023

SQLite 3.43.0 heap-based overflow in sessionReadRecord (critical)
CVE-2023-7104 Published on December 29, 2023

SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

Timeline

2023-12-25

Advisory disclosed

2023-12-25

VulDB entry created

2023-12-29

VulDB entry last update 4 days later.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2023-7104

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-7104 are published in these products:

Affected Versions

Version 3.0 is affected.

Version 3.1 is affected.

Version 3.2 is affected.

Version 3.3 is affected.

Version 3.4 is affected.

Version 3.5 is affected.

Version 3.6 is affected.

Version 3.7 is affected.

Version 3.8 is affected.

Version 3.9 is affected.

Version 3.10 is affected.

Version 3.11 is affected.

Version 3.12 is affected.

Version 3.13 is affected.

Version 3.14 is affected.

Version 3.15 is affected.

Version 3.16 is affected.

Version 3.17 is affected.

Version 3.18 is affected.

Version 3.19 is affected.

Version 3.20 is affected.

Version 3.21 is affected.

Version 3.22 is affected.

Version 3.23 is affected.

Version 3.24 is affected.

Version 3.25 is affected.

Version 3.26 is affected.

Version 3.27 is affected.

Version 3.28 is affected.

Version 3.29 is affected.

Version 3.30 is affected.

Version 3.31 is affected.

Version 3.32 is affected.

Version 3.33 is affected.

Version 3.34 is affected.

Version 3.35 is affected.

Version 3.36 is affected.

Version 3.37 is affected.

Version 3.38 is affected.

Version 3.39 is affected.

Version 3.40 is affected.

Version 3.41 is affected.

Version 3.42 is affected.

Version 3.43 is affected.

Exploit Probability

EPSS

0.12%

Percentile

30.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.