CVE-2022-21227

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21227
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21227.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-21227
Aliases
Downstream
Related
  • SNYK-JAVA-ORGWEBJARSNPM-2805470
  • SNYK-JS-SQLITE3-2388645
Published
2022-05-01T16:15:08Z
Modified
2025-10-16T05:06:19.867129Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

References

Affected packages

Git / github.com/tryghost/node-sqlite3

Affected ranges

Type
GIT
Repo
https://github.com/tryghost/node-sqlite3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
593c9d498be2510d286349134537e3bf89401c4a

Affected versions

0.*

0.0.2
0.0.3
0.0.6

1.*

1.0.0
1.0.1
1.0.2
1.0.3

2.*

2.0.0
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9

v2.*

v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.1.0
v2.1.1
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.1.14
v2.1.15
v2.1.16
v2.1.17
v2.1.18
v2.1.19
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.1.7-alpha
v2.1.8
v2.1.9
v2.2.0
v2.2.0-alpha
v2.2.1
v2.2.3
v2.2.4
v2.2.5
v2.2.6

v3.*

v3.0.0
v3.0.1
v3.0.10
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.5
v4.0.6
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.2.0

v5.*

v5.0.0
v5.0.1
v5.0.2

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "111058817561569940776130285025941133729",
                    "155609221470918782139244390542808340717",
                    "118592821369456292669284180599121425636",
                    "1172560625900145031071377345356862890"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/tryghost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a",
            "signature_type": "Line",
            "target": {
                "file": "src/statement.cc"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-21227-7777b20f"
        },
        {
            "digest": {
                "length": 1434.0,
                "function_hash": "39003862121650051753977202896462857399"
            },
            "source": "https://github.com/tryghost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a",
            "signature_type": "Function",
            "target": {
                "function": "Statement::BindParameter",
                "file": "src/statement.cc"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2022-21227-e1875b1a"
        }
    ]
}