Search CVE reports
11 – 20 of 78 results
CVE-2022-35737
Medium prioritySome fixes available 5 of 6
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | Not in release | Not affected | Not affected | Not affected | Vulnerable |
sqlite3 | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2022-21227
Medium priorityThe package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
1 affected packages
node-sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-sqlite3 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-45346
Low priority** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of...
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | Ignored | Ignored | Ignored | Ignored |
sqlite3 | — | Ignored | Ignored | Ignored | Ignored |
CVE-2021-36690
Negligible prioritySome fixes available 3 of 5
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report...
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | Not affected | Not affected | Not affected | Not affected |
sqlite3 | — | Not affected | Fixed | Fixed | Not affected |
CVE-2021-0646
Medium priorityIn sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL...
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | Not affected | Not affected | Not affected | Not affected |
sqlite3 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-20227
Medium priorityA flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by...
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | — | Not affected | Not affected | Not affected |
sqlite3 | — | — | Not affected | Not affected | Not affected |
CVE-2020-9991
Low priorityThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | Not in release | Not affected | Not affected | Not affected | Vulnerable |
sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-9849
Low priorityAn information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A...
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | Not in release | Not affected | Not affected | Not affected | Vulnerable |
sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-15358
Medium prioritySome fixes available 1 of 2
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | — | Not affected | Not affected | Not affected |
sqlite3 | — | — | Fixed | Not affected | Not affected |
CVE-2020-9794
Medium priorityAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud...
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | Not in release | Not affected | Not affected | Not affected | Vulnerable |
sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |