FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sqlite -- use-after-free bug in jsonparseaddnodearray

Affected packages
sqlite3 < 3.43.2,1
linux-rl9-sqlite < 3.43.2
linux-c7-sqlite < 3.43.2

Details

VuXML ID 42ec2207-7e85-11ef-89a4-b42e991fc52e
Discovery 2024-01-16
Entry 2024-09-29

secalert@redhat.com reports:

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

References

CVE Name CVE-2024-0232
URL https://nvd.nist.gov/vuln/detail/CVE-2024-0232