Amazon Linux 2023 Security Advisory: ALAS2023-2026-1903
Advisory Released Date: 2026-07-07
Advisory Updated Date: 2026-07-07
SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database. (CVE-2026-11822)
SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5. (CVE-2026-11824)
Affected Packages:
sqlite
Issue Correction:
Run dnf update sqlite --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1903 --releasever 2023.12.20260706 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
sqlite-debugsource-3.40.0-1.amzn2023.0.8.aarch64
sqlite-debuginfo-3.40.0-1.amzn2023.0.8.aarch64
sqlite-devel-3.40.0-1.amzn2023.0.8.aarch64
sqlite-analyzer-debuginfo-3.40.0-1.amzn2023.0.8.aarch64
sqlite-tcl-3.40.0-1.amzn2023.0.8.aarch64
lemon-3.40.0-1.amzn2023.0.8.aarch64
sqlite-tools-debuginfo-3.40.0-1.amzn2023.0.8.aarch64
sqlite-analyzer-3.40.0-1.amzn2023.0.8.aarch64
sqlite-3.40.0-1.amzn2023.0.8.aarch64
sqlite-libs-debuginfo-3.40.0-1.amzn2023.0.8.aarch64
sqlite-tools-3.40.0-1.amzn2023.0.8.aarch64
sqlite-tcl-debuginfo-3.40.0-1.amzn2023.0.8.aarch64
sqlite-libs-3.40.0-1.amzn2023.0.8.aarch64
lemon-debuginfo-3.40.0-1.amzn2023.0.8.aarch64
noarch:
sqlite-doc-3.40.0-1.amzn2023.0.8.noarch
src:
sqlite-3.40.0-1.amzn2023.0.8.src
x86_64:
sqlite-debugsource-3.40.0-1.amzn2023.0.8.x86_64
sqlite-libs-3.40.0-1.amzn2023.0.8.x86_64
sqlite-tools-debuginfo-3.40.0-1.amzn2023.0.8.x86_64
sqlite-tcl-3.40.0-1.amzn2023.0.8.x86_64
sqlite-debuginfo-3.40.0-1.amzn2023.0.8.x86_64
sqlite-tcl-debuginfo-3.40.0-1.amzn2023.0.8.x86_64
sqlite-3.40.0-1.amzn2023.0.8.x86_64
sqlite-analyzer-debuginfo-3.40.0-1.amzn2023.0.8.x86_64
sqlite-analyzer-3.40.0-1.amzn2023.0.8.x86_64
lemon-debuginfo-3.40.0-1.amzn2023.0.8.x86_64
lemon-3.40.0-1.amzn2023.0.8.x86_64
sqlite-devel-3.40.0-1.amzn2023.0.8.x86_64
sqlite-tools-3.40.0-1.amzn2023.0.8.x86_64
sqlite-libs-debuginfo-3.40.0-1.amzn2023.0.8.x86_64