CVE-2022-21227: Denial of Service (DoS)
First published: Sun May 01 2022(Updated: )
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
Credit: report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SQLite | <5.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-21227.
What is the severity of CVE-2022-21227?
The severity of CVE-2022-21227 is high, with a severity value of 7.5.
What is the affected software?
The affected software is Ghost Sqlite3 with versions before 5.0.3 on Node.js.
How does CVE-2022-21227 affect the system?
CVE-2022-21227 can cause a Denial of Service (DoS) by invoking the toString function of an invalid Function object, potentially crashing the V8 engine.
How can CVE-2022-21227 be mitigated?
To mitigate CVE-2022-21227, it is recommended to update the sqlite3 package to version 5.0.3 or newer.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/title
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ghost
- canonical/sqlite