Re: CVE Request: SQLite array overrun in the skip-scan optimization

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> SQLite 3.8.2 contained an array overrun in the skip-scan optimization leading to
> memory corruption. Fixed in 3.8.3.
>
> https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897

> CREATE INDEX t1all ON t1(a,b,c,d,e,f,g,h);
> INSERT INTO t1 VALUES(1,2,3,4,5,6,7,8,9);
> ...
> VALUES('t1','t1all','655360 163840 40960 10240 2560 640 160 40 10');

> https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758
>
> Invalid write of size 8

> Fixed by the following commit:
> https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698
>
> Make sure the WhereLoop.aLTerm[] array is large enough when processing
> the skip-scan optimization
>
> && (rc = whereLoopResize(db, pNew, pNew->nLTerm+1))==SQLITE_OK

Use CVE-2013-7443.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVpjRwAAoJEKllVAevmvmsrFAH/i+O6Kna/WIWqVAbclu7HY6p
03e50ub9f7aRED0IrlaunzDdU/BmtYbCb4ojvMyGUZybTQWMiCG+r+raRa7pcnn0
KBoLwKpEmbzz2mm5Q7y0a0AWkD7tfmKKQUrGp5kJIWBv/6hrXEmegHGHwJu/wJTi
EIPkoUFXvD6NwvW46yu8mXZchvFZnYs9N1kqG7sX+POfTeKCBRHCh+FcDMoM7aGZ
f92PqyKKgUsxzlw/6nhf8HXtKvRUV73meYkopTZgBoBarZZcFgZIEMieJvfYJGOI
zRekvE9QXks2HTXkzqUBS3OGqNhgTTAmuGl64Kx5DaQKZ6ykgpGj0hNLrZ1EKgM=
=cfKg
-----END PGP SIGNATURE-----