First published: Thu Jan 09 2020
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

References and upstream commits:
https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec
https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1
Affected Software | Affected Version | How to fix |
---|---|---|
SQLite JDBC | | |
REDHAT-BUG-1789595 is classified as a memory-management error that can lead to application instability.
To fix REDHAT-BUG-1789595, update to the latest stable version of SQLite that addresses this issue.
REDHAT-BUG-1789595 affects SQLite version 3.30.1 and potentially earlier versions.
Not addressing REDHAT-BUG-1789595 can lead to application crashes or unexpected behavior when handling certain filenames.
REDHAT-BUG-1789595 is recognized as a known issue and has been documented within the SQLite community.