CVE-2021-31239

NameCVE-2021-31239
DescriptionAn issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sqlite (PTS)buster2.8.17-15fixed
buster (security)2.8.17-15+deb10u1fixed
sqlite3 (PTS)buster3.27.2-3+deb10u1vulnerable
buster (security)3.27.2-3+deb10u2vulnerable
bullseye3.34.1-3vulnerable
bookworm3.40.1-2fixed
sid, trixie3.45.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sqlitesource(unstable)(not affected)
sqlite3source(unstable)3.36.0-2

Notes

[bullseye] - sqlite3 <no-dsa> (Minor issue)
[buster] - sqlite3 <no-dsa> (Minor issue)
- sqlite <not-affected> (Vulnerable code not present)
https://www.sqlite.org/forum/forumpost/d9fce1a89b
Fixed by: https://github.com/sqlite/sqlite/commit/6536c4f18e3dd37084c902f965631ff28248d8c7 (version-3.36.0)
Vulnerable feature introduced with: https://github.com/sqlite/sqlite/commit/3be8b1a4f7848c1d67324893f4ac9cace8c06eb0 (version-3.22.0, https://sqlite.org/releaselog/3_22_0.html)

Search for package or bug name: Reporting problems