CVE-2024-0232 — Vulnetix

CVE-2024-0232 PUBLISHED

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

EPSS 0.02% · 4.9th percentile

Risk Scores

EPSS Score

0.02%

4.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	sqlite	3.43.0
Bitnami	sqlite	3.43.0

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=2243754 (nist-nvd)

Timeline

Jan 16, 2024 CVE Published
Jan 18, 2024 EPSS Score
Feb 15, 2024 EPSS Score
Mar 14, 2024 EPSS Score
Apr 11, 2024 EPSS Score
May 8, 2024 EPSS Score
Jun 5, 2024 EPSS Score
Jul 3, 2024 EPSS Score
Jul 31, 2024 EPSS Score
Sep 1, 2024 EPSS Score
Sep 29, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score

References

https://access.redhat.com/security/cve/CVE-2024-0232 url
https://bugzilla.redhat.com/show_bug.cgi?id=2243754 url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/ url
https://security.netapp.com/advisory/ntap-20240315-0007/ url
https://nvd.nist.gov/vuln/detail/CVE-2024-0232 url

Open in Interactive Console →