Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

[email protected]NVD:CVE-2022-35737

HistoryAug 03, 2022 - 6:15 a.m.

Vulners
/
Nvd
/
CVE-2022-35737

CVE-2022-35737

2022-08-0306:15:07

CWE-129

[email protected]

web.nvd.nist.gov

sqlite

array-bounds overflow

vulnerability

c api

billions of bytes

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

65.5%

JSON

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Affected configurations

Nvd

Node

sqlitesqliteRange1.0.12–3.39.2

Node

netappontap_select_deploy_administration_utilityMatch-

Node

splunkuniversal_forwarderRange8.2.0–8.2.12

splunkuniversal_forwarderRange9.0.0–9.0.6

splunkuniversal_forwarderMatch9.1.0

References

blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

kb.cert.org/vuls/id/720344

security.gentoo.org/glsa/202210-40

security.netapp.com/advisory/ntap-20220915-0009/

sqlite.org/releaselog/3_39_2.html

www.sqlite.org/cves.html

redhat 35

almalinux 2

osv 11

nessus 40

amazon 1

oraclelinux 2

ubuntu 3

cnvd 1

cvelist 1

cve 1

mscve 1

rustsec 1

ibm 10

redos 1

openvas 20

prion 1

kaspersky 2

redhatcve 1

github 1

hivepro 1

cloudlinux 1

thn 1

alpinelinux 1

cbl_mariner 2

mageia 1

ubuntucve 1

sqlite 1

veracode 1

debiancve 1

f5 1

rocky 2

cloudfoundry 1

suse 1

gentoo 1

rosalinux 2

avleonov 2

mskb 3

photon 1

rapid7blog 1

tenable 1

oracle 3

ics 1

redhat

(RHSA-2023:0110) Moderate: sqlite security update

2023-01-12 08:25:38

(RHSA-2023:0339) Moderate: sqlite security update

2023-01-23 14:30:39

(RHSA-2024:0425) Moderate: sqlite security update

2024-01-24 14:40:30

almalinux

Moderate: sqlite security update

2023-01-23 00:00:00

Moderate: sqlite security update

2023-01-12 00:00:00

osv

CVE-2022-35737

2022-08-03 06:15:07

sqlite3 vulnerability

2022-11-03 13:06:06

Moderate: sqlite security update

2023-01-23 14:30:39

nessus

Oracle Linux 9 : sqlite (ELSA-2023-0339)

2023-01-24 00:00:00

Amazon Linux 2022 : (ALAS2022-2023-266)

2023-01-25 00:00:00

F5 Networks BIG-IP : SQLite vulnerability (K000130512)

2023-06-02 00:00:00

amazon

Important: sqlite

2023-01-18 00:16:00

oraclelinux

sqlite security update

2023-01-12 00:00:00

sqlite security update

2023-01-24 00:00:00

ubuntu

SQLite vulnerability

2022-11-21 00:00:00

SQLite vulnerability

2022-11-03 00:00:00

SQLite vulnerability

2022-11-07 00:00:00

cnvd

SQLite Input Validation Error Vulnerability (CNVD-2022-62235)

2022-07-26 00:00:00

cvelist

CVE-2022-35737

2022-08-03 00:00:00

cve

CVE-2022-35737

2022-08-03 06:15:07

mscve

MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow

2024-01-09 08:00:00

rustsec

`libsqlite3-sys` via C SQLite CVE-2022-35737

2022-08-03 12:00:00

ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SQLite denial of service vulnerability( CVE-2022-35737)

2023-07-06 17:49:41

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in SQLite (CVE-2022-35737)

2023-03-31 17:00:26

Security Bulletin: IBM MQ Operator and Queue Manager container images are vulnerable to vulnerabilities from libksba and sqlite (CVE-2022-47629 and CVE-2022-35737)

2023-02-17 11:44:52

redos

ROS-20231018-05

2023-10-18 00:00:00

openvas

Ubuntu: Security Advisory (USN-5716-2)

2022-11-22 00:00:00

Ubuntu: Security Advisory (USN-5712-1)

2022-11-04 00:00:00

SQLite 1.0.12 < 3.39.2 Improper Input Validation Vulnerability

2022-08-05 00:00:00

prion

Design/Logic Flaw

2022-08-03 06:15:00

kaspersky

KLA62829 ACE vulnerability in Microsoft Mariner

2024-01-09 00:00:00

KLA62827 Multiple vulnerabilities in Microsoft Windows

2024-01-09 00:00:00

redhatcve

CVE-2022-35737

2022-07-25 07:22:04

github

`libsqlite3-sys` via C SQLite improperly validates array index

2022-08-04 00:00:26

hivepro

Stranger Strings: A 22-year-old vulnerability in SQLite

2022-10-28 07:21:16

cloudlinux

sqlite: Fix of CVE-2022-35737

2022-11-10 23:00:15

thn

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

2022-10-25 14:17:00

alpinelinux

CVE-2022-35737

2022-08-03 06:15:07

cbl_mariner

CVE-2022-35737 affecting package sqlite for versions less than 3.39.2-1

2022-09-13 22:36:39

CVE-2022-35737 affecting package sqlite 3.34.1-1

2022-11-24 00:45:36

mageia

Updated sqlite3 packages fix security vulnerability

2022-08-06 00:00:44

ubuntucve

CVE-2022-35737

2022-08-03 00:00:00

sqlite

SQLite report about CVE-2022-35737

2022-01-01 00:00:00

veracode

Denial Of Service (DoS)

2022-07-23 01:42:34

debiancve

CVE-2022-35737

2022-08-03 06:15:07

K000130512 : SQLite vulnerability CVE-2022-35737

2023-01-06 00:00:00

rocky

sqlite security update

2023-01-12 08:25:38

sqlite security update

2023-01-23 14:30:39

cloudfoundry

USN-5716-1: SQLite vulnerability | Cloud Foundry

2022-12-07 00:00:00

suse

Security update for sqlite3 (moderate)

2022-09-19 00:00:00

gentoo

SQLite: Multiple Vulnerabilities

2022-10-31 00:00:00

rosalinux

Advisory ROSA-SA-2023-2171

2023-06-20 10:39:04

Advisory ROSA-SA-2023-2149

2023-04-11 13:56:14

avleonov

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

2024-02-01 17:07:20

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

mskb

January 9, 2024—KB5034127 (OS Build 17763.5329)

2024-01-09 08:00:00

January 9, 2024—KB5034122 (OS Builds 19044.3930 and 19045.3930)

2024-01-09 08:00:00

January 9, 2024—KB5034129 (OS Build 20348.2227)

2024-01-09 08:00:00

photon

Important Photon OS Security Update - PHSA-2023-5.0-0041

2023-06-29 00:00:00

rapid7blog

Patch Tuesday - January 2024

2024-01-09 21:23:10

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

65.5%

JSON

Related for NVD:CVE-2022-35737

redhat35 almalinux2 osv11 nessus40 amazon1 oraclelinux2 ubuntu3 cnvd1 cvelist1 cve1 mscve1 rustsec1 ibm10 redos1 openvas20 prion1 kaspersky2 redhatcve1 github1 hivepro1 cloudlinux1 thn1 alpinelinux1 cbl_mariner2 mageia1 ubuntucve1 sqlite1 veracode1 debiancve1 f51 rocky2 cloudfoundry1 suse1 gentoo1 rosalinux2 avleonov2 mskb3 photon1 rapid7blog1 tenable1 oracle3 ics1