7 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-21227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid...
CVE-2022-21227
A vulnerability was found in sqlite3. The flaw occurs due to a segmentation fault of an invalid toString object. Users experience a fatal error when supplying a specific object in the parameter array due to this issue...
CVE-2022-21227
CVE-2022-21227 affects the sqlite3 package prior to 5.0.3. The vulnerability is a Denial of Service caused by improper input handling in toString, where passing a crafted Function object can cause the V8 engine to crash. Public documents consistently describe this DoS vector and note the affected...
CVE-2022-21227 Denial of Service (DoS)
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
CVE-2022-21227
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
7ghost (>=4.11.0 <=4.11.46), 90crew-sqlite-async (=0.0.4) +216 more potentially affected by CVE-2022-21227 via sqlite3 (>=5.0.0 <=5.0.2)
sqlite3 NPM version =5.0.0, =4.11.0, =0.1.0, =1.1.0, =12.1.0-alpha.6, =2.0.11, =0.2.5, =0.1.3-alpha.0, =0.1.19-alpha.0, =0.1.11-alpha.0, =0.1.3-alpha.0, =7.0.0, =7.3.8 and more Source cves: CVE-2022-21227 Source advisory: SNYK:JS-SQLITE3-2388645...
SQLite report about CVE-2022-21227
This CVE describes a bug in a third-party packages that provides a binding for SQLite to Node.js. The bug reported is in the third-party Node.js binding, not in SQLite itself. Do not be confused by the use of the word "SQLite" in the ambiguously-worded CVE description...