Gentoo update for SQLite
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-31239 CVE-2022-46908 |
| CWE-ID | CWE-125 CWE-254 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system dev-db/sqlite Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU77807
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-31239
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in ext/misc/appendvfs.c. A local user can trigger an out-of-bounds read error and crash the database.
Update the affected packages.
dev-db/sqlite to version: 3.42.0
Gentoo Linux: All versions
dev-db/sqlite: before 3.42.0
External linkshttp://security.gentoo.org/glsa/202311-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security features bypass
EUVDB-ID: #VU70528
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-46908
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper implementation of the azProhibitedFunctions protection mechanism, which allows UDF functions such as WRITEFILE when relying on --safe for execution of an untrusted CLI script. A local user can escalate privileges on the system.
Update the affected packages.
dev-db/sqlite to version: 3.42.0
Gentoo Linux: All versions
dev-db/sqlite: before 3.42.0
External linkshttp://security.gentoo.org/glsa/202311-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
