CVE-2024-0232

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

21 Nov 2024, 08:46

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/ -
  • () https://security.netapp.com/advisory/ntap-20240315-0007/ -
References () https://access.redhat.com/security/cve/CVE-2024-0232 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2024-0232 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2243754 - Exploit, Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2243754 - Exploit, Issue Tracking, Third Party Advisory
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 4.7

28 Sep 2024, 04:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240315-0007/', 'source': 'secalert@redhat.com'}

15 Mar 2024, 11:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240315-0007/ -

23 Feb 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/ -

24 Jan 2024, 14:14

Type Values Removed Values Added
CWE CWE-416
References () https://access.redhat.com/security/cve/CVE-2024-0232 - () https://access.redhat.com/security/cve/CVE-2024-0232 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2243754 - () https://bugzilla.redhat.com/show_bug.cgi?id=2243754 - Exploit, Issue Tracking, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

16 Jan 2024, 23:12

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 14:15

Updated : 2024-11-21 08:46


NVD link : CVE-2024-0232

Mitre link : CVE-2024-0232

CVE.ORG link : CVE-2024-0232


JSON object : View

Products Affected

fedoraproject

  • extra_packages_for_enterprise_linux
  • fedora

sqlite

  • sqlite

redhat

  • enterprise_linux
CWE
CWE-416

Use After Free