MGASA-2022-0175

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0175.html

Import Source

https://advisories.mageia.org/MGASA-2022-0175.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0175

Related

CVE-2021-36690

Published

2022-05-12T10:24:45Z

Modified

2022-05-12T09:37:32Z

Summary

Updated sqlite3 packages fix security vulnerability

Details

* DISPUTED * A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

As the cve assignment is disputed, this update may be changed in future from a security update to a bugfix update.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / sqlite3

Package

Name: sqlite3
Purl: pkg:rpm/mageia/sqlite3?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.34.1-1.2.mga8

Ecosystem specific

{
    "section": "core"
}