CVE-2017-10989 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-10989 PUBLISHED CVSS 9.800000190734863 CRITICAL

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

EPSS 12.48% · 93.9th percentile

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

12.48%

93.9th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB Ability Camera Connect <=2.0.0.42
ABB	ABB B&R Automation Studio <6.5

Timeline

Jul 7, 2017 CVE Published
Apr 14, 2021 EPSS Score
Mar 7, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 23, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 31, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 6, 2025 EPSS Score

References

Open in Interactive Console →