UBUNTU-CVE-2022-21227

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-21227

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-21227.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-21227

Related

CVE-2022-21227

Published

2022-05-01T16:15:00Z

Modified

2024-10-15T14:09:42Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

References

Affected packages

Ubuntu:Pro:16.04:LTS / node-sqlite3

Package

Name: node-sqlite3
Purl: pkg:deb/ubuntu/node-sqlite3?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.0+ds1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / node-sqlite3

Package

Name: node-sqlite3
Purl: pkg:deb/ubuntu/node-sqlite3?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.8+ds1-2build1

3.1.8+ds1-2build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / node-sqlite3

Package

Name: node-sqlite3
Purl: pkg:deb/ubuntu/node-sqlite3?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.6+ds1-2

4.1.0+ds1-1

4.1.1+ds1-1

4.1.1+ds1-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / node-sqlite3

Package

Name: node-sqlite3
Purl: pkg:deb/ubuntu/node-sqlite3?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.0+ds1-1

5.0.2+ds1-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}