Bug 8087 - [Anolis OS 8] Bugfix for CVE-2023-7104
Summary: [Anolis OS 8] Bugfix for CVE-2023-7104
Status: NEW
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 8.6
Hardware: All Linux
: P1-Urgent S1-blocker
Target Milestone: ---
Assignee: Jacob
QA Contact: shuming
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2024-01-30 21:46 UTC by 小龙
Modified: 2024-01-30 21:46 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2024-01-30 21:46:28 UTC
Description:
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

Broken commit info:

Bugfix commit info:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
https://sqlite.org/forum/forumpost/5bcbf4571c
https://vuldb.com/?id.248999
https://sqlite.org/src/info/0e4e7a05c4204b47
https://github.com/mattn/go-sqlite3/commit/9fd6f4ffd3430f64ec35c64063b59af680582e11
https://github.com/sqlite/sqlite/commit/09f1652f36c5c4e8a6a640ce887f9ea0f48a7958
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
https://www.sqlite.org/releaselog/3_43_2.html
https://vuldb.com/?ctiid.248999