oss-sec mailing list archives
Re: CVE Request: SQLite array overrun in the skip-scan optimization
From: cve-assign () mitre org
Date: Wed, 15 Jul 2015 06:26:24 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SQLite 3.8.2 contained an array overrun in the skip-scan optimization leading to memory corruption. Fixed in 3.8.3. https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897
CREATE INDEX t1all ON t1(a,b,c,d,e,f,g,h); INSERT INTO t1 VALUES(1,2,3,4,5,6,7,8,9); ... VALUES('t1','t1all','655360 163840 40960 10240 2560 640 160 40 10');
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758 Invalid write of size 8
Fixed by the following commit: https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698 Make sure the WhereLoop.aLTerm[] array is large enough when processing the skip-scan optimization && (rc = whereLoopResize(db, pNew, pNew->nLTerm+1))==SQLITE_OK
Use CVE-2013-7443. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVpjRwAAoJEKllVAevmvmsrFAH/i+O6Kna/WIWqVAbclu7HY6p 03e50ub9f7aRED0IrlaunzDdU/BmtYbCb4ojvMyGUZybTQWMiCG+r+raRa7pcnn0 KBoLwKpEmbzz2mm5Q7y0a0AWkD7tfmKKQUrGp5kJIWBv/6hrXEmegHGHwJu/wJTi EIPkoUFXvD6NwvW46yu8mXZchvFZnYs9N1kqG7sX+POfTeKCBRHCh+FcDMoM7aGZ f92PqyKKgUsxzlw/6nhf8HXtKvRUV73meYkopTZgBoBarZZcFgZIEMieJvfYJGOI zRekvE9QXks2HTXkzqUBS3OGqNhgTTAmuGl64Kx5DaQKZ6ykgpGj0hNLrZ1EKgM= =cfKg -----END PGP SIGNATURE-----
Current thread:
- CVE Request: SQLite array overrun in the skip-scan optimization Marc Deslauriers (Jul 14)
- Re: CVE Request: SQLite array overrun in the skip-scan optimization cve-assign (Jul 15)