CVE-2022-35737 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Affected Products (NVD)

Vendor	Product	Version
sqlite	sqlite	1.0.12 ≤ 𝑥 < 3.39.2
netapp	ontap_select_deploy_administration_utility	-
splunk	universal_forwarder	8.2.0 ≤ 𝑥 < 8.2.12
splunk	universal_forwarder	9.0.0 ≤ 𝑥 < 9.0.6
splunk	universal_forwarder	9.1.0

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1809 (arm64, x64, x86)	KB5034127
21H2 (arm64, x64, x86)	KB5034122
22H2 (arm64, x64, x86)	KB5034122

Windows Server 2019

Server Core	KB5034127
Standard	KB5034127

Windows Server 2022

Server Core	KB5034129
Standard	KB5034129

Debian Releases

Debian Product

Codename

sqlite3

bookworm	3.40.1-2 fixed
bullseye	unimportant
bullseye (security)	unimportant
sid	3.46.1-1 fixed
trixie	3.46.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

sqlite

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
lunar	dne
mantic	dne
noble	dne
trusty	not-affected
xenial	needed

sqlite3

bionic	Fixed 3.22.0-1ubuntu0.7 released
focal	Fixed 3.31.1-4ubuntu0.5 released
jammy	Fixed 3.37.2-2ubuntu0.1 released
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	Fixed 3.8.2-1ubuntu2.2+esm3 released
xenial	Fixed 3.11.0-1ubuntu1.5+esm2 released

openSUSE / SLES Releases

openSUSE Product

Release

libsqlite3-0

suse enterprise desktop 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise server 12 SP2	3.39.3-9.23.1 fixed
suse enterprise server 12 SP3	3.39.3-9.23.1 fixed
suse enterprise server 12 SP4	3.39.3-9.23.1 fixed
suse enterprise server 12 SP5	3.39.3-9.23.1 fixed
suse enterprise server 15	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP7	3.39.3-150000.3.17.1 fixed

libsqlite3-0-32bit

suse enterprise desktop 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise server 12 SP2	3.39.3-9.23.1 fixed
suse enterprise server 12 SP3	3.39.3-9.23.1 fixed
suse enterprise server 12 SP4	3.39.3-9.23.1 fixed
suse enterprise server 12 SP5	3.39.3-9.23.1 fixed
suse enterprise server 15	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP7	3.39.3-150000.3.17.1 fixed

sqlite3

suse enterprise desktop 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise server 12 SP2	3.39.3-9.23.1 fixed
suse enterprise server 12 SP3	3.39.3-9.23.1 fixed
suse enterprise server 12 SP4	3.39.3-9.23.1 fixed
suse enterprise server 12 SP5	3.39.3-9.23.1 fixed
suse enterprise server 15	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP7	3.39.3-150000.3.17.1 fixed

sqlite3-devel

suse enterprise desktop 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise server 12 SP2	3.39.3-9.23.1 fixed
suse enterprise server 12 SP3	3.39.3-9.23.1 fixed
suse enterprise server 12 SP4	3.39.3-9.23.1 fixed
suse enterprise server 12 SP5	3.39.3-9.23.1 fixed
suse enterprise server 15	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP7	3.39.3-150000.3.17.1 fixed

sqlite3-tcl

suse enterprise desktop 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise desktop 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise sap 15 SP7	3.39.3-150000.3.17.1 fixed
suse enterprise server 12 SP2	3.39.3-9.23.1 fixed
suse enterprise server 12 SP3	3.39.3-9.23.1 fixed
suse enterprise server 12 SP4	3.39.3-9.23.1 fixed
suse enterprise server 12 SP5	3.39.3-9.23.1 fixed
suse enterprise server 15	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP1	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP2	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP3	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP4	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP5	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP6	3.39.3-150000.3.17.1 fixed
suse enterprise server 15 SP7	3.39.3-150000.3.17.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

lemon

RHEL 8	0:3.26.0-17.el8_7 fixed
RHEL 8.6 AUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 E4S	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 EUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 TUS	0:3.26.0-16.el8_6.1 fixed

sqlite

RHEL 8	0:3.26.0-17.el8_7 fixed
RHEL 8.6 AUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 E4S	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 EUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 TUS	0:3.26.0-16.el8_6.1 fixed
RHEL 9	0:3.34.1-6.el9_1 fixed

sqlite-devel

RHEL 8	0:3.26.0-17.el8_7 fixed
RHEL 8.6 AUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 E4S	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 EUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 TUS	0:3.26.0-16.el8_6.1 fixed
RHEL 9	0:3.34.1-6.el9_1 fixed

sqlite-doc

RHEL 8	0:3.26.0-17.el8_7 fixed
RHEL 8.6 AUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 E4S	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 EUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 TUS	0:3.26.0-16.el8_6.1 fixed

sqlite-libs

RHEL 8	0:3.26.0-17.el8_7 fixed
RHEL 8.6 AUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 E4S	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 EUS	0:3.26.0-16.el8_6.1 fixed
RHEL 8.6 TUS	0:3.26.0-16.el8_6.1 fixed
RHEL 9	0:3.34.1-6.el9_1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

https://kb.cert.org/vuls/id/720344

https://security.gentoo.org/glsa/202210-40

https://security.netapp.com/advisory/ntap-20220915-0009/

https://sqlite.org/releaselog/3_39_2.html

https://www.sqlite.org/cves.html

https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

https://kb.cert.org/vuls/id/720344

https://security.gentoo.org/glsa/202210-40

https://security.netapp.com/advisory/ntap-20220915-0009/

https://sqlite.org/releaselog/3_39_2.html

https://www.sqlite.org/cves.html