Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-10989

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Related bugs and status

CVE-2017-10989 (Candidate) is related to these bugs:

Bug #1700937: Heap-buffer overflow in nodeAcquire

Summary				In	Importance	Status
	1700937	Heap-buffer overflow in nodeAcquire		sqlite3 (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: http://marc.info/?l=sq...
MISC: https://bugs.chromium....
MISC: https://bugs.launchpad...
MISC: https://sqlite.org/src...
MISC: https://sqlite.org/src...
BID: 99502
SECTRACK: 1039427
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: http://www.oracle.com/...
MLIST: [debian-lts-announce] ...
SUSE: openSUSE-SU-2019:1426
UBUNTU: USN-4019-1
UBUNTU: USN-4019-2