Home

CVE-2017-10989

Description

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.478

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.5 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13Mac
C library that implements an SQL database engine (USN-2698-1) libsqlite3-0_3.8.2-1ubuntu2.2_i386.debLinux
C library that implements an SQL database engine (USN-2698-1) libsqlite3-0_3.8.2-1ubuntu2.2_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.11.0-1ubuntu1.2_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.11.0-1ubuntu1.2_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.22.0-1ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.22.0-1ubuntu0.1_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.24.0-1ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.24.0-1ubuntu0.1_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.27.2-2ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) sqlite3_3.27.2-2ubuntu0.1_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.11.0-1ubuntu1.2_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.11.0-1ubuntu1.2_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.22.0-1ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.22.0-1ubuntu0.1_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.24.0-1ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.24.0-1ubuntu0.1_amd64.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.27.2-2ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4019-1) libsqlite3-0_3.27.2-2ubuntu0.1_amd64.debLinux
SUSE-SU-2019:1208-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-3.8.10.2-9.6.1.x86_64.rpmLinux
SUSE-SU-2019:1208-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-32bit-3.8.10.2-9.6.1.x86_64.rpmLinux
SUSE-SU-2019:1208-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-3.8.10.2-9.6.1.x86_64.rpmLinux
SUSE-SU-2019:1208-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsqlite3-0-debuginfo-32bit-3.8.10.2-9.6.1.x86_64.rpmLinux
SUSE-SU-2019:1208-1(SUSE Linux Enterprise Desktop 12-SP4 ) sqlite3-3.8.10.2-9.6.1.x86_64.rpmLinux
SUSE-SU-2019:1208-1(SUSE Linux Enterprise Desktop 12-SP4 ) sqlite3-debuginfo-3.8.10.2-9.6.1.x86_64.rpmLinux
SUSE-SU-2019:1208-1(SUSE Linux Enterprise Desktop 12-SP4 ) sqlite3-debugsource-3.8.10.2-9.6.1.x86_64.rpmLinux
Out-of-bounds Read Vulnerability (CVE-2017-10989)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312Security Update 2017-001 macOS High Sierra v10.13.1
PATCH-601345Security Update 2017-001 macOS High Sierra v10.13

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234