Vulnerability Description
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to induce a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SQLite | SQLite | >= 3.43.0, < 3.43.2 |
| Red Hat | Enterprise Linux | 8.0 |
| Fedora Project | Extra Packages For Enterprise Linux | 8.0 |
| Fedora Project | Fedora | 39 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2024-0232 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2243754 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://security.netapp.com/advisory/ntap-20240315-0007/
FAQ
What is CVE-2024-0232?
CVE-2024-0232 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicio...
How severe is CVE-2024-0232?
CVE-2024-0232 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-0232?
Check the references section above for vendor advisories and patch information. Affected products include: SQLite SQLite, Red Hat Enterprise Linux, Fedora Project Extra Packages For Enterprise Linux, Fedora Project Fedora.