Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 15 Jul 2015 06:26:24 -0400 (EDT)
From: cve-assign@...re.org
To: marc.deslauriers@...onical.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, security@...ntu.com
Subject: Re: CVE Request: SQLite array overrun in the skip-scan optimization

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> SQLite 3.8.2 contained an array overrun in the skip-scan optimization leading to
> memory corruption. Fixed in 3.8.3.
> 
> https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897

> CREATE INDEX t1all ON t1(a,b,c,d,e,f,g,h);
> INSERT INTO t1 VALUES(1,2,3,4,5,6,7,8,9);
> ...
> VALUES('t1','t1all','655360 163840 40960 10240 2560 640 160 40 10');

> https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758
> 
> Invalid write of size 8

> Fixed by the following commit:
> https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698
> 
> Make sure the WhereLoop.aLTerm[] array is large enough when processing
> the skip-scan optimization
> 
> && (rc = whereLoopResize(db, pNew, pNew->nLTerm+1))==SQLITE_OK

Use CVE-2013-7443.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVpjRwAAoJEKllVAevmvmsrFAH/i+O6Kna/WIWqVAbclu7HY6p
03e50ub9f7aRED0IrlaunzDdU/BmtYbCb4ojvMyGUZybTQWMiCG+r+raRa7pcnn0
KBoLwKpEmbzz2mm5Q7y0a0AWkD7tfmKKQUrGp5kJIWBv/6hrXEmegHGHwJu/wJTi
EIPkoUFXvD6NwvW46yu8mXZchvFZnYs9N1kqG7sX+POfTeKCBRHCh+FcDMoM7aGZ
f92PqyKKgUsxzlw/6nhf8HXtKvRUV73meYkopTZgBoBarZZcFgZIEMieJvfYJGOI
zRekvE9QXks2HTXkzqUBS3OGqNhgTTAmuGl64Kx5DaQKZ6ykgpGj0hNLrZ1EKgM=
=cfKg
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ