CVE-2022-35737
Published: 03 August 2022
Summary
CVE-2022-35737 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Splunk Universal Forwarder. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 1.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
SQLite versions 1.0.12 through 3.39.x before 3.39.2 contain an array-bounds overflow condition that can be triggered when billions of bytes are supplied in a string argument passed to a C API function. The flaw is tracked under CWE-129 and carries a CVSS 3.1 score of 7.5, with a network attack vector and high availability impact.
An unauthenticated remote attacker can supply a specially crafted large string to an affected SQLite instance reachable over the network, resulting in a crash or denial of service; no privileges or user interaction are required.
Advisories and vendor notices recommend upgrading to SQLite 3.39.2 or later, with coordinated updates published by distributions such as Gentoo and vendors including NetApp; the official SQLite release notes for 3.39.2 document the correction.
The CVE's EPSS score has remained elevated near 0.55 since disclosure, indicating sustained exploitation interest. Detailed analysis appears in reporting from Trail of Bits and CERT.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-6580
Vulnerability details
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
- CWE(s): CWE-129
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.