Vulnerability Identifier

CVE-2024-0232

2024-01-16

Severity Assessment

4.7

MEDIUM

CVSS v3.x Score

Clinical Analysis (Description)

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

Vector Sequencing

Attack Parameters

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Impact Consequences

Technical Impact

Unchanged

Scope

None

Confidentiality

None

Integrity

High

Availability

AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Weakness Classification

CWE-CWE-416

View CWE Details ↗

Affected Population

Affected Configurations

Total: 6 detected entries

Software List Scrollable

enterprise_linux

Vendor: redhat • v8.0

extra_packages_for_enterprise_linux

Vendor: fedoraproject • v8.0

fedora

Vendor: fedoraproject • v39

sqlite

Vendor: sqlite • v3.43.0

sqlite

Vendor: sqlite • v3.43.1

enterprise_linux

Vendor: redhat • v9.0

Timeline

Time Line

PUBLICATION

16 Jan 2024

MODIFICATION

21 Nov 2024

FIRST PATCH

21 Jan 2025

Impact Statistics

Key Metrics

CVSS Score

4.7

MEDIUM

Products

Affected

Patches

Available

Remediation Protocol

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.

Sources & Bibliography

NIST NVD MITRE CVE External Reference ↗ External Reference ↗ External Reference ↗ External Reference ↗ External Reference ↗

CVE Vulnerabilities

Posts & Pages

CVE-2024-0232

Attack Parameters

Technical Impact

CWE-CWE-416

Affected Configurations

Time Line

Key Metrics

Recommended Solution

Immediate Action Plan

1. Inventory

2. Assessment

3. Mitigation

4. Verification