ALSA-2023:0339

See a problem?
Please try reporting it to the source first.

Source

https://errata.almalinux.org/9/ALSA-2023-0339.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:0339.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2023:0339

Related

CVE-2022-35737

Published

2023-01-23T00:00:00Z

Modified

2023-03-08T11:29:02Z

Summary

Moderate: sqlite security update

Details

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API (CVE-2022-35737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / sqlite

Package

Name: sqlite

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.34.1-6.el9_1

AlmaLinux:9 / sqlite-devel

Package

Name: sqlite-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.34.1-6.el9_1

AlmaLinux:9 / sqlite-libs

Package

Name: sqlite-libs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.34.1-6.el9_1