CVE-2022-35737

Summary

CVE	CVE-2022-35737
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-08-03 06:15:00 UTC
Updated	2024-03-27 16:05:00 UTC
Description	SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Risk And Classification

Problem Types: CWE-129

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Splunk	Universal Forwarder	All	All	All	All
Application	Splunk	Universal Forwarder	9.1.0	All	All	All
Application	Sqlite	Sqlite	All	All	All	All

References

Reference	Source	Link	Tags
Vulnerabilities	MISC	www.sqlite.org
CERT Vulnerability Notes Database	MISC	kb.cert.org
CVE-2022-35737 SQLite Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
SQLite Release 3.39.2 On 2022-07-21	CONFIRM	sqlite.org
SQLite: Multiple Vulnerabilities (GLSA 202210-40) — Gentoo security	GENTOO	security.gentoo.org
Stranger Strings: An exploitable flaw in SQLite \| Trail of Bits Blog	MISC	blog.trailofbits.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

150591 SQLLite versions allows an array-bounds overflow leading to arbitrary code execution, RCE (CVE-2022-35737)
160388 Oracle Enterprise Linux Security Update for sqlite (ELSA-2023-0110)
160421 Oracle Enterprise Linux Security Update for sqlite (ELSA-2023-0339)
182293 Debian Security Update for sqlite3 (CVE-2022-35737)
199018 Ubuntu Security Notification for SQLite Vulnerability (USN-5716-1)
241055 Red Hat Update for sqlite (RHSA-2023:0110)
241112 Red Hat Update for sqlite (RHSA-2023:0339)
242851 Red Hat Update for sqlite (RHSA-2024:0425)
354656 Amazon Linux Security Advisory for sqlite : ALAS2-2023-1911
354705 Amazon Linux Security Advisory for sqlite : ALAS2022-2023-266
355251 Amazon Linux Security Advisory for sqlite : ALAS2023-2023-089
377952 Alibaba Cloud Linux Security Update for sqlite (ALINUX3-SA-2023:0016)
378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
502596 Alpine Linux Security Update for qt5-qtwebengine
502933 Alpine Linux Security Update for qt5-qtwebengine
505809 Alpine Linux Security Update for qt5-qtwebengine
672275 EulerOS Security Update for sqlite (EulerOS-SA-2022-2668)
672313 EulerOS Security Update for sqlite (EulerOS-SA-2022-2700)
672345 EulerOS Security Update for sqlite (EulerOS-SA-2022-2744)
672361 EulerOS Security Update for sqlite (EulerOS-SA-2022-2779)
710670 Gentoo Linux SQLite Multiple Vulnerabilities (GLSA 202210-40)
752602 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2022:3307-1)
752612 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2022:3401-1)
752755 SUSE Enterprise Linux Security Update for sqlite3 (SUSE-SU-2022:3307-2)
902667 Common Base Linux Mariner (CBL-Mariner) Security Update for sqlite (10466)
902668 Common Base Linux Mariner (CBL-Mariner) Security Update for sqlite (10467)
903888 Common Base Linux Mariner (CBL-Mariner) Security Update for sqlite (10467-1)
904549 Common Base Linux Mariner (CBL-Mariner) Security Update for sqlite (10466-1)
940877 AlmaLinux Security Update for sqlite (ALSA-2023:0110)
940894 AlmaLinux Security Update for sqlite (ALSA-2023:0339)
960599 Rocky Linux Security Update for sqlite (RLSA-2023:0110)
960635 Rocky Linux Security Update for sqlite (RLSA-2023:0339)