CVE-2023-7104

NameCVE-2023-7104
DescriptionA vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3907-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sqlite3 (PTS)bullseye3.34.1-3vulnerable
bullseye (security)3.34.1-3+deb11u1fixed
bookworm3.40.1-2+deb12u2fixed
trixie3.46.1-7fixed
forky, sid3.46.1-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sqlite3sourcebullseye3.34.1-3+deb11u1DLA-3907-1
sqlite3sourcebookworm3.40.1-2+deb12u1
sqlite3source(unstable)3.43.1-1

Notes

[buster] - sqlite3 <no-dsa> (Minor issue)
https://sqlite.org/forum/forumpost/5bcbf4571c
Fixed by: https://sqlite.org/src/info/0e4e7a05c4204b47
Search for package or bug name: Reporting problems