7.5

CVE-2022-35737

Exploit
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SqliteSqlite Version >= 1.0.12 < 3.39.2
SplunkUniversal Forwarder Version >= 8.2.0 < 8.2.12
SplunkUniversal Forwarder Version >= 9.0.0 < 9.0.6
SplunkUniversal Forwarder Version9.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 17.98% 0.968
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://security.gentoo.org/glsa/202210-40
Third Party Advisory
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
Third Party Advisory
Exploit
https://kb.cert.org/vuls/id/720344
Third Party Advisory
US Government Resource
Broken Link
https://security.netapp.com/advisory/ntap-20220915-0009/
Third Party Advisory
https://sqlite.org/releaselog/3_39_2.html
Vendor Advisory
Release Notes
https://www.sqlite.org/cves.html
Vendor Advisory