VDB

ALPINE-CVE-2017-10989

ALPINE-CVE-2017-10989 PUBLISHED CVSS 9.800000190734863 CRITICAL

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Risk Scores

CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.5sqlite3.6.22-r1, 3.6.22-r1, 3.6.22-r0
Alpine:v3.3sqlite3.6.15-r0, 3.6.22-r0, 3.6.22-r1
Alpine:v3.4sqlite3.8.4.3-r1, 3.11.0-r0, 3.11.1-r0
Alpine:v3.6sqlite3.7.0-r0, 3.7.0.1-r0, 3.7.1-r0

Timeline

  • Jul 7, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›