Your submission was sent successfully! Close

CVE-2021-45346

Published: 14 February 2022

A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information..

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
sqlite
Launchpad, Ubuntu, Debian
bionic Ignored
(vendor disputes CVE)
focal Ignored
(vendor disputes CVE)
impish Ignored
(vendor disputes CVE)
jammy Ignored
(vendor disputes CVE)
trusty Ignored
(vendor disputes CVE)
upstream Ignored
(vendor disputes CVE)
xenial Ignored
(end of standard support, was needs-triage)
sqlite3
Launchpad, Ubuntu, Debian
bionic Ignored
(vendor disputes CVE)
focal Ignored
(vendor disputes CVE)
impish Ignored
(vendor disputes CVE)
jammy Ignored
(vendor disputes CVE)
trusty Ignored
(vendor disputes CVE)
upstream Ignored
(vendor disputes CVE)
xenial Ignored
(vendor disputes CVE)

Notes

AuthorNote
eslerm
disputed by upstream
"Yes, you can do that in SQLite. You can also do it in just
about every other RDBMS and every filesystem ever invented."

References