Description

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Remediation

References

CVE-2017-10989

Related Vulnerabilities

WordPress Plugin Slickr Flickr Cross-Site Scripting (2.8.1)

MediaWiki Improper Access Control Vulnerability (CVE-2016-6336)

WordPress Plugin EZP Coming Soon Page Cross-Site Scripting (1.0.0)

WordPress Plugin WooCommerce Blocks Security Bypass (3.7.0)

WordPress Plugin Ultimate WP Query Search Filter Cross-Site Scripting (1.0.10)

Severity

Critical

Classification

CVE-2017-10989 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities