CVE-2024-0232

CVSS Score: 4.7 (Medium)
Published: Jan 16, 2024
Last Modified: Nov 21, 2024

Vulnerability Description

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector: L
Attack Complexity: H
Privileges Required: N
User Interaction: R
Scope: U
Confidentiality: N
Integrity: N
Availability: H

Known Affected Software

6 configuration(s) from 3 vendor(s)

extra_packages_for_enterprise_linux
Version: 8.0
CPE: cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*

fedora
Version: 39
CPE: cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

enterprise_linux
Version: 8.0
CPE: cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:arm64:*

enterprise_linux
Version: 9.0
CPE: cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

sqlite
Version: 3.43.0
CPE: cpe:2.3:a:sqlite:sqlite:3.43.0:*:*:*:*:*:*:*

sqlite
Version: 3.43.1
CPE: cpe:2.3:a:sqlite:sqlite:3.43.1:*:*:*:*:*:*:*

This vulnerability affects 6 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

Oracle

CPUJAN2025

Oracle Critical Patch Update Advisory - January 2025

Severity: Critical
Released: Jan 21, 2025
Restart Required
Security Update

Severity Details

4.7 out of 10.0 (Medium)

Weakness Type (CWE)

CWE-416: Use After Free (Top 25 #12)

Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant

Key Information

Published Date: January 16, 2024