Out-of-bounds Write

Affecting sqlite3 package, versions <3.11.0-1ubuntu1.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:16.04 relevant versions.

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.

Remediation

Upgrade Ubuntu:16.04 sqlite3 to version 3.11.0-1ubuntu1.2 or higher.

CVSS Score

9.8
low severity
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE: CVE-2017-2520
CWE: CWE-787
Snyk ID: SNYK-UBUNTU1604-SQLITE3-307564
Disclosed: 22 May, 2017
Published: 22 May, 2017