Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-10989
HistoryJul 07, 2017 - 12:00 a.m.

CVE-2017-10989

2017-07-0700:00:00
ubuntu.com
ubuntu.com
22

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.2%

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as
used in GDAL and other products, mishandles undersized RTree blobs in a
crafted database, leading to a heap-based buffer over-read or possibly
unspecified other impact.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchsqlite3< 3.8.2-1ubuntu2.2+esm1UNKNOWN
ubuntu16.04noarchsqlite3< 3.11.0-1ubuntu1.2UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.2%