QwikSec

Security Database

CVE

CWE

Training

CVE-2023-7104

Published: Dec 25, 2023

Modified: Dec 18, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

Vendor	Product	Versions
SQLite	SQLite3	affected `3.0` affected `3.1` affected `3.2` affected `3.3` affected `3.4` +39 more versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://vuldb.com/?id.248999

vdb-entry

technical-description

https://vuldb.com/?ctiid.248999

signature

permissions-required

https://sqlite.org/forum/forumpost/5bcbf4571c

related

https://sqlite.org/src/info/0e4e7a05c4204b47

patch

https://lists.fedoraproject.org/archives/list/[email protected]/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/

https://security.netapp.com/advisory/ntap-20240112-0008/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.