CVE-2024-0232: 
SQLite vulnerability analysis and mitigation

A heap use-after-free vulnerability (CVE-2024-0232) was identified in SQLite's jsonParseAddNodeArray() function within sqlite3.c. The vulnerability was discovered and disclosed on January 16, 2024, affecting SQLite versions up to 3.43.2. This security flaw impacts various systems and applications that utilize SQLite for database management (NVD, CVE).

The vulnerability is classified as a heap use-after-free issue specifically located in the jsonParseAddNodeArray() function of sqlite3.c. It has received a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. This indicates a local attack vector with low attack complexity, requiring no privileges but user interaction, and potentially resulting in high availability impact (NVD).

When successfully exploited, this vulnerability can allow a local attacker to cause the application to crash, leading to a denial of service (DoS) condition. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (NVD).

The vulnerability has been patched in SQLite version 3.43.2. Users and organizations are advised to upgrade to this version or later to mitigate the risk (Bugzilla).