Vulnerabilities > CVE-2024-0232 - Use After Free vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

NVD

Published: 2024-01-16

Updated: 2024-11-21

Summary

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Sqlite Sqlite Sqlite 3.43.0 Sqlite Sqlite 3.43.1	2
Application	Fedoraproject Fedoraproject Extra Packages FOR Enterprise Linux 8.0	1
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2
OS	Fedoraproject Fedoraproject Fedora 39	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://access.redhat.com/security/cve/CVE-2024-0232
https://access.redhat.com/security/cve/CVE-2024-0232
https://bugzilla.redhat.com/show_bug.cgi?id=2243754
https://bugzilla.redhat.com/show_bug.cgi?id=2243754
https://lists.fedoraproject.org/archives/list/[email protected]/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
https://security.netapp.com/advisory/ntap-20240315-0007/