Lucene search

GoogleOSV:USN-6566-2

HistoryJun 26, 2024 - 7:45 p.m.

sqlite3 vulnerability

2024-06-2619:45:59

Google

osv.dev

sqlite

ubuntu 18.04 lts

cve-2023-7104

denial of service

sessions extension

memory operations

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.4%

JSON

USN-6566-1 fixed several vulnerabilities in SQLite. This update provides
the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that SQLite incorrectly handled certain memory operations
in the sessions extension. A remote attacker could possibly use this issue
to cause SQLite to crash, resulting in a denial of service.

References

ubuntu.com/security/CVE-2023-7104

ubuntu.com/security/notices/USN-6566-2

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for OSV:USN-6566-2