Vulnerability Details : CVE-2023-7104
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
Vulnerability category: Overflow
Products affected by CVE-2023-7104
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-7104
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-7104
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.2
|
MEDIUM | AV:A/AC:L/Au:S/C:P/I:P/A:P |
5.1
|
6.4
|
VulDB | |
5.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.1
|
3.4
|
VulDB | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-01-05 |
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST | 2024-01-08 |
5.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
N/A
|
N/A
|
RedHat-CVE-2023-7104 |
CWE ids for CVE-2023-7104
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().Assigned by: cna@vuldb.com (Secondary)
References for CVE-2023-7104
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
[SECURITY] Fedora 39 Update: chromium-120.0.6099.199-1.fc39 - package-announce - Fedora Mailing-ListsIssue Tracking;Third Party Advisory
-
https://vuldb.com/?id.248999
CVE-2023-7104: SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflowThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
[SECURITY] Fedora 38 Update: chromium-120.0.6099.199-1.fc38 - package-announce - Fedora Mailing-ListsIssue Tracking;Third Party Advisory
-
https://sqlite.org/forum/forumpost/5bcbf4571c
SQLite Forum: heap-buffer-overflow at sessionfuzzExploit
-
https://vuldb.com/?ctiid.248999
Permissions Required
-
https://sqlite.org/src/info/0e4e7a05c4204b47
SQLite: Check-in [0e4e7a05]Patch
-
https://security.netapp.com/advisory/ntap-20240112-0008/
CVE-2023-7104 SQLite Vulnerability in NetApp Products | NetApp Product Security
Jump to