Lucene search
Ubuntu.comUB:CVE-2022-35737HistoryAug 03, 2022 - 12:00 a.m.
CVE-2022-35737
2022-08-0300:00:00
ubuntu.com
ubuntu.com
19
0.003 Low
EPSS
Percentile
65.3%
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds
overflow if billions of bytes are used in a string argument to a C API.
Notes
| Author | Note |
|---|---|
| mdeslaur | the wrong commit was previously identified, but didnât match the vulnerability PoC. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 16.04 | noarch | sqlite | <Â any | UNKNOWN |
| ubuntu | 18.04 | noarch | sqlite3 | <Â 3.22.0-1ubuntu0.7 | UNKNOWN |
| ubuntu | 20.04 | noarch | sqlite3 | <Â 3.31.1-4ubuntu0.5 | UNKNOWN |
| ubuntu | 22.04 | noarch | sqlite3 | <Â 3.37.2-2ubuntu0.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | sqlite3 | <Â 3.8.2-1ubuntu2.2+esm3 | UNKNOWN |
| ubuntu | 16.04 | noarch | sqlite3 | <Â 3.11.0-1ubuntu1.5+esm2 | UNKNOWN |
References
blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
launchpad.net/bugs/cve/CVE-2022-35737
nvd.nist.gov/vuln/detail/CVE-2022-35737
security-tracker.debian.org/tracker/CVE-2022-35737
ubuntu.com/security/notices/USN-5712-1
ubuntu.com/security/notices/USN-5716-1
ubuntu.com/security/notices/USN-5716-2
www.cve.org/CVERecord?id=CVE-2022-35737
Related
cnvd
cnvd
SQLite Input Validation Error Vulnerability (CNVD-2022-62235)
2022-07-26 00:00:00
nessus
nessus
Oracle Linux 9 : sqlite (ELSA-2023-0339)
2023-01-24 00:00:00
Rocky Linux 9 : sqlite (RLSA-2023:0339)
2023-11-06 00:00:00
RHEL 9 : sqlite (RHSA-2023:0339)
2023-01-23 00:00:00
oraclelinux
oraclelinux
sqlite security update
2023-01-12 00:00:00
sqlite security update
2023-01-24 00:00:00
cvelist
cvelist
CVE-2022-35737
2022-08-03 00:00:00
ubuntu
ubuntu
SQLite vulnerability
2022-11-21 00:00:00
amazon
amazon
Important: sqlite
2023-01-18 00:16:00
mscve
mscve
MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow
2024-01-09 08:00:00
osv
osv
CVE-2022-35737
2022-08-03 06:15:07
`libsqlite3-sys` via C SQLite improperly validates array index
2022-08-04 00:00:26
BIT-sqlite-2022-35737
2024-03-06 11:06:04
cve
cve
CVE-2022-35737
2022-08-03 06:15:07
redhat
redhat
(RHSA-2023:0110) Moderate: sqlite security update
2023-01-12 08:25:38
(RHSA-2023:0339) Moderate: sqlite security update
2023-01-23 14:30:39
(RHSA-2024:0425) Moderate: sqlite security update
2024-01-24 14:40:30
almalinux
almalinux
Moderate: sqlite security update
2023-01-23 00:00:00
Moderate: sqlite security update
2023-01-12 00:00:00
sqlite
sqlite
SQLite report about CVE-2022-35737
2022-01-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-35737 affecting package sqlite for versions less than 3.39.2-1
2022-09-13 22:36:39
CVE-2022-35737 affecting package sqlite 3.34.1-1
2022-11-24 00:45:36
alpinelinux
alpinelinux
CVE-2022-35737
2022-08-03 06:15:07
mageia
mageia
Updated sqlite3 packages fix security vulnerability
2022-08-06 00:00:44
redos
redos
ROS-20231018-05
2023-10-18 00:00:00
rustsec
rustsec
`libsqlite3-sys` via C SQLite CVE-2022-35737
2022-08-03 12:00:00
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SQLite denial of service vulnerability( CVE-2022-35737)
2023-07-06 17:49:41
prion
prion
Design/Logic Flaw
2022-08-03 06:15:00
openvas
openvas
Ubuntu: Security Advisory (USN-5716-2)
2022-11-22 00:00:00
Ubuntu: Security Advisory (USN-5712-1)
2022-11-04 00:00:00
Mageia: Security Advisory (MGASA-2022-0273)
2022-08-08 00:00:00
kaspersky
kaspersky
KLA62829 ACE vulnerability in Microsoft Mariner
2024-01-09 00:00:00
KLA62827 Multiple vulnerabilities in Microsoft Windows
2024-01-09 00:00:00
thn
thn
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
2022-10-25 14:17:00
hivepro
hivepro
Stranger Strings: A 22-year-old vulnerability in SQLite
2022-10-28 07:21:16
cloudlinux
cloudlinux
sqlite: Fix of CVE-2022-35737
2022-11-10 23:00:15
github
github
`libsqlite3-sys` via C SQLite improperly validates array index
2022-08-04 00:00:26
redhatcve
redhatcve
CVE-2022-35737
2022-07-25 07:22:04
veracode
veracode
Denial Of Service (DoS)
2022-07-23 01:42:34
cloudfoundry
cloudfoundry
USN-5716-1: SQLite vulnerability | Cloud Foundry
2022-12-07 00:00:00
f5
f5
K000130512 : SQLite vulnerability CVE-2022-35737
2023-01-06 00:00:00
debiancve
debiancve
CVE-2022-35737
2022-08-03 06:15:00
rocky
rocky
sqlite security update
2023-01-23 14:30:39
sqlite security update
2023-01-12 08:25:38
gentoo
gentoo
SQLite: Multiple Vulnerabilities
2022-10-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2171
2023-06-20 10:39:04
Advisory ROSA-SA-2023-2149
2023-04-11 13:56:14
avleonov
avleonov
mskb
mskb
January 9, 2024âKB5034122 (OS Builds 19044.3930 and 19045.3930)
2024-01-09 08:00:00
January 9, 2024âKB5034127 (OS Build 17763.5329)
2024-01-09 08:00:00
January 9, 2024âKB5034129 (OS Build 20348.2227)
2024-01-09 08:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2024
2024-01-09 21:23:10
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0041
2023-06-29 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00