CVE-2019-8457
CVE Details
Visit the official vulnerability details page for CVE-2019-8457 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libdb5.3
NIST CVE Summary
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVE Severity
Our Official Summary
This vulnerability in SQLite3 is a heap out-of-bound read in the rtreenode() function that occurs when handling invalid rtree tables. Affected versions are 3.6.0 up to and including 3.27.2.
Containers where this vulnerability is reported do not allow access to the SQLite database unless an attacker gains privileged access to the images. Even then, the risk of exploitation is low because there are controls to prevent execution of arbitrary commands.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
12/12/2024 | Official summary added |