CVE-2024-0232

Sqlite: use-after-free bug in jsonparseaddnodearray

Published: 1/16/2024 Last updated: 11/21/2025 Reserved: 1/4/2024

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (4)

conf-mingw-w64-sqlite3-i686 conf-mingw-w64-sqlite3-x86_64 conf-sqlite3 lemonade-sqlite

Products affected (1)

Product	Vendor	Version
Red Hat Enterprise Linux 9	Red Hat	CSR8811

References (12)

https://access.redhat.com/security/cve/CVE-2024-0232
https://bugzilla.redhat.com/show_bug.cgi?id=2243754
https://access.redhat.com/security/cve/CVE-2024-0232
https://bugzilla.redhat.com/show_bug.cgi?id=2243754
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
https://security.netapp.com/advisory/ntap-20240315-0007/
https://access.redhat.com/security/cve/CVE-2024-0232
https://bugzilla.redhat.com/show_bug.cgi?id=2243754
https://access.redhat.com/security/cve/CVE-2024-0232
https://bugzilla.redhat.com/show_bug.cgi?id=2243754
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
https://security.netapp.com/advisory/ntap-20240315-0007/