Lucene search
AmazonALAS2-2023-1911HistoryJan 18, 2023 - 12:16 a.m.
Important: sqlite
2023-01-1800:16:00
alas.aws.amazon.com
24
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.8 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
65.0%
Issue Overview:
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. (CVE-2022-35737)
Affected Packages:
sqlite
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update sqlite to update your system.
New Packages:
aarch64:
sqlite-3.7.17-8.amzn2.1.2.aarch64
sqlite-devel-3.7.17-8.amzn2.1.2.aarch64
lemon-3.7.17-8.amzn2.1.2.aarch64
sqlite-tcl-3.7.17-8.amzn2.1.2.aarch64
sqlite-debuginfo-3.7.17-8.amzn2.1.2.aarch64
i686:
sqlite-3.7.17-8.amzn2.1.2.i686
sqlite-devel-3.7.17-8.amzn2.1.2.i686
lemon-3.7.17-8.amzn2.1.2.i686
sqlite-tcl-3.7.17-8.amzn2.1.2.i686
sqlite-debuginfo-3.7.17-8.amzn2.1.2.i686
noarch:
sqlite-doc-3.7.17-8.amzn2.1.2.noarch
src:
sqlite-3.7.17-8.amzn2.1.2.src
x86_64:
sqlite-3.7.17-8.amzn2.1.2.x86_64
sqlite-devel-3.7.17-8.amzn2.1.2.x86_64
lemon-3.7.17-8.amzn2.1.2.x86_64
sqlite-tcl-3.7.17-8.amzn2.1.2.x86_64
sqlite-debuginfo-3.7.17-8.amzn2.1.2.x86_64
Additional References
Red Hat: CVE-2022-35737
Mitre: CVE-2022-35737
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | sqlite | < 3.7.17-8.amzn2.1.2 | sqlite-3.7.17-8.amzn2.1.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sqlite-devel | < 3.7.17-8.amzn2.1.2 | sqlite-devel-3.7.17-8.amzn2.1.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | lemon | < 3.7.17-8.amzn2.1.2 | lemon-3.7.17-8.amzn2.1.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sqlite-tcl | < 3.7.17-8.amzn2.1.2 | sqlite-tcl-3.7.17-8.amzn2.1.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | sqlite-debuginfo | < 3.7.17-8.amzn2.1.2 | sqlite-debuginfo-3.7.17-8.amzn2.1.2.aarch64.rpm |
| Amazon Linux | 2 | i686 | sqlite | < 3.7.17-8.amzn2.1.2 | sqlite-3.7.17-8.amzn2.1.2.i686.rpm |
| Amazon Linux | 2 | i686 | sqlite-devel | < 3.7.17-8.amzn2.1.2 | sqlite-devel-3.7.17-8.amzn2.1.2.i686.rpm |
| Amazon Linux | 2 | i686 | lemon | < 3.7.17-8.amzn2.1.2 | lemon-3.7.17-8.amzn2.1.2.i686.rpm |
| Amazon Linux | 2 | i686 | sqlite-tcl | < 3.7.17-8.amzn2.1.2 | sqlite-tcl-3.7.17-8.amzn2.1.2.i686.rpm |
| Amazon Linux | 2 | i686 | sqlite-debuginfo | < 3.7.17-8.amzn2.1.2 | sqlite-debuginfo-3.7.17-8.amzn2.1.2.i686.rpm |
Related
cnvd
cnvd
SQLite Input Validation Error Vulnerability (CNVD-2022-62235)
2022-07-26 00:00:00
redhat
redhat
(RHSA-2023:0110) Moderate: sqlite security update
2023-01-12 08:25:38
(RHSA-2023:0339) Moderate: sqlite security update
2023-01-23 14:30:39
(RHSA-2024:0425) Moderate: sqlite security update
2024-01-24 14:40:30
ubuntu
ubuntu
SQLite vulnerability
2022-11-21 00:00:00
SQLite vulnerability
2022-11-03 00:00:00
SQLite vulnerability
2022-11-07 00:00:00
osv
osv
CVE-2022-35737
2022-08-03 06:15:07
sqlite3 vulnerability
2022-11-03 13:06:06
Moderate: sqlite security update
2023-01-12 08:25:38
almalinux
almalinux
Moderate: sqlite security update
2023-01-23 00:00:00
Moderate: sqlite security update
2023-01-12 00:00:00
mscve
mscve
MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow
2024-01-09 08:00:00
oraclelinux
oraclelinux
sqlite security update
2023-01-12 00:00:00
sqlite security update
2023-01-24 00:00:00
nessus
nessus
Oracle Linux 9 : sqlite (ELSA-2023-0339)
2023-01-24 00:00:00
Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2023-089)
2023-03-21 00:00:00
CBL Mariner 2.0 Security Update: sqlite (CVE-2022-35737)
2024-01-09 00:00:00
cve
cve
CVE-2022-35737
2022-08-03 06:15:00
veracode
veracode
Denial Of Service (DoS)
2022-07-23 01:42:34
cloudfoundry
cloudfoundry
USN-5716-1: SQLite vulnerability | Cloud Foundry
2022-12-07 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0273)
2022-08-08 00:00:00
SQLite 1.0.12 < 3.39.2 Improper Input Validation Vulnerability
2022-08-05 00:00:00
Ubuntu: Security Advisory (USN-5716-1)
2022-11-08 00:00:00
rocky
rocky
sqlite security update
2023-01-23 14:30:39
sqlite security update
2023-01-12 08:25:38
cbl_mariner
cbl_mariner
CVE-2022-35737 affecting package sqlite 3.34.1-1
2022-11-24 00:45:36
CVE-2022-35737 affecting package sqlite 3.36.0-3
2022-09-13 22:36:39
debiancve
debiancve
CVE-2022-35737
2022-08-03 06:15:00
f5
f5
K000130512 : SQLite vulnerability CVE-2022-35737
2023-01-06 00:00:00
hivepro
hivepro
Stranger Strings: A 22-year-old vulnerability in SQLite
2022-10-28 07:21:16
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in SQLite (CVE-2022-35737)
2023-03-31 17:00:26
github
github
`libsqlite3-sys` via C SQLite improperly validates array index
2022-08-04 00:00:26
kaspersky
kaspersky
KLA62829 ACE vulnerability in Microsoft Mariner
2024-01-09 00:00:00
KLA62827 Multiple vulnerabilities in Microsoft Windows
2024-01-09 00:00:00
cloudlinux
cloudlinux
sqlite: Fix of CVE-2022-35737
2022-11-10 23:00:15
prion
prion
Design/Logic Flaw
2022-08-03 06:15:00
thn
thn
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
2022-10-25 14:17:00
redhatcve
redhatcve
CVE-2022-35737
2022-07-25 07:22:04
mageia
mageia
Updated sqlite3 packages fix security vulnerability
2022-08-06 00:00:44
alpinelinux
alpinelinux
CVE-2022-35737
2022-08-03 06:15:00
sqlite
sqlite
SQLite report about CVE-2022-35737
2022-01-01 00:00:00
ubuntucve
ubuntucve
CVE-2022-35737
2022-08-03 00:00:00
rustsec
rustsec
`libsqlite3-sys` via C SQLite CVE-2022-35737
2022-08-03 12:00:00
redos
redos
ROS-20231018-05
2023-10-18 00:00:00
suse
suse
Security update for sqlite3 (moderate)
2022-09-19 00:00:00
gentoo
gentoo
SQLite: Multiple Vulnerabilities
2022-10-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2171
2023-06-20 10:39:04
Advisory ROSA-SA-2023-2149
2023-04-11 13:56:14
avleonov
avleonov
mskb
mskb
January 9, 2024—KB5034122 (OS Builds 19044.3930 and 19045.3930)
2024-01-09 08:00:00
January 9, 2024—KB5034127 (OS Build 17763.5329)
2024-01-09 08:00:00
January 9, 2024—KB5034129 (OS Build 20348.2227)
2024-01-09 08:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0041
2023-06-29 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2024
2024-01-09 21:23:10
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.8 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
65.0%
Related for ALAS2-2023-1911