OSV-2022-487

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/duckdb/OSV-2022-487.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-487

Published

2022-06-17T00:00:15.351733Z

Modified

2022-06-17T00:00:15.351999Z

Summary

Heap-use-after-free in duckdb::Planner::CreatePlan

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48062

Crash type: Heap-use-after-free READ 1
Crash state:
duckdb::Planner::CreatePlan
duckdb::Planner::CreatePlan
duckdb::ClientContext::CreatePreparedStatement

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48062

Affected packages

OSS-Fuzz / duckdb

Package

Name: duckdb
Purl: pkg:generic/duckdb

Affected ranges

Type: GIT
Repo: https://github.com/duckdb/duckdb
Events: Introduced

dfcb8a47c57fb694da20a47c92b81fe9e806fda6

Fixed

6e099b510cf72f5fa62b9e5a2c14fdc39e89d4e4

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/duckdb/OSV-2022-487.yaml"