oss-sec mailing list archives
[cve-request () mitre org: Re: [scr357564] sqlite3 - fix in progress]
From: Seth Arnold <seth.arnold () canonical com>
Date: Fri, 7 Jul 2017 11:33:14 -0700
Hello; some buffer over-reads were recently discovered in sqlite3 via Google's clusterfuzz of GDAL. Thanks to Even Rouault for coordinating and D. Richard Hipp for the fast and friendly fix.

Here's the description and references I supplied to MITRE, and their (trimmed) reply:

----- Forwarded message from cve-request () mitre org -----

[Suggested description]
Undersize RTree blobs in a maliciously-constructed SQLite3 database file may allow buffer-overreads, un-initialized data use, or possibly other unspecified behaviour.

[Reference]
https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
https://sqlite.org/src/info/66de6f4a
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
http://marc.info/?l=sqlite-users&m=149933696214713&w=2

[Discoverer]
Google's project clusterfuzz

Use CVE-2017-10989.

----- End forwarded message -----

Thanks