Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2024-0232

Published: January 12, 2024Last modified: September 1, 2025

Description

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

Severity score breakdown

ParameterValue
Base score5.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSsqliteNot affected (3.40.0-r0)
25 LTSsqliteNot affected (3.49.2-r0)
StreamsqliteFixed (3.43.2-r0)
Hardened Containers23 LTSsqliteNot affected (3.40.0-r0)
StreamsqliteFixed (3.43.2-r0)

References

ON THIS PAGE