SQLite Vulnerability (CVE-2017-10989)

  • 7022306
  • 09-Nov-2017
  • 10-Nov-2017


Reflection for Secure IT Server for Windows, version 8.2 SP1 and earlier (8.2.1095 and earlier)


The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.


This issue is addressed beginning in version 8.2 SP1 Update 1 (8.2.1100). Maintained customers can obtain the latest release from the Downloads website.


Security Alert

Additional Information

For vulnerability details, see the National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2017-10989