Lucene search

AlmaLinuxALSA-2024:0465

HistoryJan 25, 2024 - 12:00 a.m.

Moderate: sqlite security update

2024-01-2500:00:00

errata.almalinux.org

sqlite

security update

heap-buffer-overflow

security issue

cve-2023-7104

unix

database engine

sql

c library

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.4%

JSON

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux9i686sqlite< 3.34.1-7.el9_3sqlite-3.34.1-7.el9_3.i686.rpm
almalinux9i686sqlite-devel< 3.34.1-7.el9_3sqlite-devel-3.34.1-7.el9_3.i686.rpm
almalinux9x86_64sqlite-devel< 3.34.1-7.el9_3sqlite-devel-3.34.1-7.el9_3.x86_64.rpm
almalinux9x86_64sqlite< 3.34.1-7.el9_3sqlite-3.34.1-7.el9_3.x86_64.rpm
almalinux9ppc64lesqlite< 3.34.1-7.el9_3sqlite-3.34.1-7.el9_3.ppc64le.rpm
almalinux9ppc64lesqlite-devel< 3.34.1-7.el9_3sqlite-devel-3.34.1-7.el9_3.ppc64le.rpm
almalinux9aarch64sqlite< 3.34.1-7.el9_3sqlite-3.34.1-7.el9_3.aarch64.rpm
almalinux9aarch64sqlite-devel< 3.34.1-7.el9_3sqlite-devel-3.34.1-7.el9_3.aarch64.rpm
almalinux9s390xsqlite< 3.34.1-7.el9_3sqlite-3.34.1-7.el9_3.s390x.rpm
almalinux9s390xsqlite-devel< 3.34.1-7.el9_3sqlite-devel-3.34.1-7.el9_3.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	9	i686	sqlite	< 3.34.1-7.el9_3	sqlite-3.34.1-7.el9_3.i686.rpm
almalinux	9	i686	sqlite-devel	< 3.34.1-7.el9_3	sqlite-devel-3.34.1-7.el9_3.i686.rpm
almalinux	9	x86_64	sqlite-devel	< 3.34.1-7.el9_3	sqlite-devel-3.34.1-7.el9_3.x86_64.rpm
almalinux	9	x86_64	sqlite	< 3.34.1-7.el9_3	sqlite-3.34.1-7.el9_3.x86_64.rpm
almalinux	9	ppc64le	sqlite	< 3.34.1-7.el9_3	sqlite-3.34.1-7.el9_3.ppc64le.rpm
almalinux	9	ppc64le	sqlite-devel	< 3.34.1-7.el9_3	sqlite-devel-3.34.1-7.el9_3.ppc64le.rpm
almalinux	9	aarch64	sqlite	< 3.34.1-7.el9_3	sqlite-3.34.1-7.el9_3.aarch64.rpm
almalinux	9	aarch64	sqlite-devel	< 3.34.1-7.el9_3	sqlite-devel-3.34.1-7.el9_3.aarch64.rpm
almalinux	9	s390x	sqlite	< 3.34.1-7.el9_3	sqlite-3.34.1-7.el9_3.s390x.rpm
almalinux	9	s390x	sqlite-devel	< 3.34.1-7.el9_3	sqlite-devel-3.34.1-7.el9_3.s390x.rpm