CVE-2019-8457: SQLite3 Heap Out-of-Bound Read Vulnerability in Rtreenode Function

CVSS Score: N/A

Basic Information

EPSS Score: 0.96226%
Published: 5/24/2022
Updated: 1/28/2023
KEV Status: No
Technology: -

Technical Details

CVSS Vector: -

Vulnerability Intelligence
Miggo AI Root Cause Analysis

Starting analysis. Need to fetch the content of the commit URL to understand the patch details, as it's not a standard GitHub commit URL that get_commit_infos can process directly. The vulnerability description points to rtreenode() in SQLite's R-tree extension. The commit 90acdbfce9c08858 is cited as the fix. I will fetch this URL to examine the changes made to the code, specifically looking for modifications in or around the rtreenode function or related R-tree handling logic in ext/rtree/rtree.c as indicated by the commit information on the SQLite website (though not directly in the provided input yet).

WAF Protection Rules

WAF Rule

SQLite3 from *.*.* to and including *.**.* is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
