CVE-2021-31239 (https://www.sqlite.org/cves.html): https://www.sqlite.org/forum/forumpost/d9fce1a89b https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239 An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Unclear if there is a fixed release.
This has been fixed in https://www.sqlite.org/src/info/04f6439f4d9b9b1f It's not clear in what version this has been introduced, but sqlite 3.42.0 (our oldest available version) does have this fix.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=dad04282cd66732607077c1c4754ea9912114d12 commit dad04282cd66732607077c1c4754ea9912114d12 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-11-24 12:29:15 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-11-24 12:30:37 +0000 [ GLSA 202311-03 ] SQLite: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/886029 Bug: https://bugs.gentoo.org/906114 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202311-03.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)
