CVE-2022-35737: MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow

Overview

Severity

N/A

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Jan

Released

2024-01-09

EPSS Score

51.94% (percentile: 97.9%)

FAQ

Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)? CVE-2022-35737 is regarding a vulnerability in SQLite. MITRE assigned this CVE number on behalf of the SQLite organization. Microsoft has included the updated library in Windows that addresses this vulnerability.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 2 repositories

Affected Products (17)

Mariner

• CBL Mariner 1.0 ARM
• CBL Mariner 1.0 x64
• CBL Mariner 2.0 ARM
• CBL Mariner 2.0 x64

Windows

• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows 10 Version 1809 for ARM64-based Systems
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for ARM64-based Systems
• Windows 10 Version 22H2 for 32-bit Systems

Security Updates (3)

• 5034127
• 5034129
• 5034122

Revision History

• 2024-01-09: Information published.