Description
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
Remediation
References
Related Vulnerabilities
WordPress Plugin WishList Member X Remote Code Execution (3.25.1)
Oracle Application Server Other Vulnerability (CVE-2001-1372)
Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5090)
Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062)
Internet Information Services Other Vulnerability (CVE-2000-0778)