CVE-2022-35737: `libsqlite3-sys` via C SQLite improperly validates array index
(updated )
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
References
- blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api
- github.com/advisories/GHSA-jw36-hf63-69r9
- github.com/rusqlite/rusqlite
- kb.cert.org/vuls/id/720344
- nvd.nist.gov/vuln/detail/CVE-2022-35737
- rustsec.org/advisories/RUSTSEC-2022-0090.html
- security.gentoo.org/glsa/202210-40
- security.netapp.com/advisory/ntap-20220915-0009
- sqlite.org/releaselog/3_39_2.html
- www.sqlite.org/cves.html
Code Behaviors & Features
Detect and mitigate CVE-2022-35737 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →