CVE-2021-31239

Description

An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.

How to fix CVE-2021-31239

To remediate CVE-2021-31239, upgrade the affected package to a fixed version below.

• Bitnami/sqlite—upgrade to 3.35.5 or later
• Debian/sqlite3—upgrade to 3.36.0-2 or later

Is CVE-2021-31239 being exploited?

Low — EPSS is 4.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• >= 3.35.4, < 3.35.5
• from 0, < 3.36.0-2

CVSS scores

References (9)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-31239
• WEBgithub.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239
• WEBlists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/
• WEB