Product:

Sqlite

(Sqlite)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 61
Date Id Summary Products Score Patch Annotated
2022-12-12 CVE-2022-46908 SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. Sqlite 7.3
2023-05-09 CVE-2021-31239 An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Sqlite 7.5
2023-05-09 CVE-2021-31239 An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Sqlite 7.5
2025-04-07 CVE-2025-29087 In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory. Sqlite 7.5
2025-04-10 CVE-2025-29088 In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. Sqlite N/A
2020-02-21 CVE-2020-9327 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. Ubuntu_linux, Cloud_backup, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite 7.5
2020-05-24 CVE-2020-13434 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Freebsd, Communications_cloud_native_core_policy, Communications_network_charging_and_control, Outside_in_technology, Sqlite 5.5
2020-05-24 CVE-2020-13435 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. Fedora, Sqlite 5.5
2020-05-27 CVE-2020-13630 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite 7.0
2020-05-27 CVE-2020-13631 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Fabric_operating_system, Ubuntu_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite 5.5