Impact of SQLite Vulnerability CVE-2022-35737 on Backup Exec

book

Article ID: 100058950

calendar_today

Updated On:

Description

Error

Cause

CVE-2022-35737
SQLite 1.0.12 through 3.39.x (before 3.39.2) sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
https://nvd.nist.gov/vuln/detail/CVE-2022-35737

Resolution

Backup Exec 22.0, 22.1 & 22.2

Backup Exec does sends data to C-API. However, this issue only occurs when SQLite is compiled with the DSQLITE_ENABLE_STAT4 option.
BE 22.x is not compiled using this option and therefore Backup Exec is not impacted.

Issue/Introduction

Vulnerability CVE-2022-35737 has been reported against SQLite version 1.0.12 through 3.39.x

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"