Environment
Reflection for Secure IT Server for Windows, version 8.2 SP1 and earlier (8.2.1095 and earlier)
Situation
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
Resolution
This issue is addressed beginning in version 8.2 SP1 Update 1 (8.2.1100). Maintained customers can obtain the latest release from the Downloads website.
Status
Security Alert
Additional Information
For vulnerability details, see the National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2017-10989