OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-17 17:07:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add sqlite advisory (#1599)

Browse Source 
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
This commit is contained in:
sidunder
2023-02-14 08:38:01 -04:00
committed by GitHub
parent 1942528507
commit 1a941a3d4c
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/libsqlite3-sys/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "libsqlite3-sys"
date = "2022-08-03"
url = "https://nvd.nist.gov/vuln/detail/CVE-2022-35737"
categories = ["denial-of-service", "code-execution"]
aliases = ["CVE-2022-35737"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
[versions]
patched = [">= 0.25.1"]
```
# `libsqlite3-sys` via C SQLite CVE-2022-35737
It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large string were input into SQLite's `printf` function.
As `libsqlite3-sys` bundles SQLite, it is susceptible to the vulnerability. `libsqlite3-sys` was updated to bundle the patched version of SQLite [here](https://github.com/rusqlite/rusqlite/releases/tag/sys0.25.1).