[3.3] sqlite: Heap-buffer overflow in the getNodeSize function (CVE-2017-10989)
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3,
as used in GDAL
and other products, mishandles undersized RTree blobs in a crafted
database,
leading to a heap-based buffer over-read or possibly unspecified other
impact.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10989
https://marc.info/?l=oss-security&m=149945242611289&w=2
Patch:
https://sqlite.org/src/info/66de6f4a
(from redmine: issue id 7953, created on 2017-10-02, closed on 2017-10-04)
- Relations:
- parent #7949 (closed)
- Changesets:
- Revision fdb75990 by Natanael Copa on 2017-10-03T18:17:12Z:
main/sqlite: security fix for CVE-2017-10989
fixes #7953