CVE-2024-0232

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
References
Link Resource
https://access.redhat.com/security/cve/CVE-2024-0232 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2243754 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

28 Sep 2024, 04:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240315-0007/', 'source': 'secalert@redhat.com'}

15 Mar 2024, 11:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240315-0007/ -

23 Feb 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/ -

24 Jan 2024, 14:14

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://bugzilla.redhat.com/show_bug.cgi?id=2243754 - () https://bugzilla.redhat.com/show_bug.cgi?id=2243754 - Exploit, Issue Tracking, Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2024-0232 - () https://access.redhat.com/security/cve/CVE-2024-0232 - Third Party Advisory
CWE CWE-416
First Time Fedoraproject fedora
Fedoraproject
Sqlite
Redhat
Redhat enterprise Linux
Sqlite sqlite
Fedoraproject extra Packages For Enterprise Linux
CPE cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

16 Jan 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 14:15

Updated : 2024-09-28 04:15


NVD link : CVE-2024-0232

Mitre link : CVE-2024-0232

CVE.ORG link : CVE-2024-0232


JSON object : View

Products Affected

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux

redhat

  • enterprise_linux

sqlite

  • sqlite
CWE
CWE-416

Use After Free