Product:

Sqlite

(Sqlite)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 50
Date Id Summary Products Score Patch Annotated
2020-06-27 CVE-2020-15358 In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Icloud, Ipados, Iphone_os, Macos, Tvos, Watchos, Ubuntu_linux, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Outside_in_technology, Sqlite 5.5
2021-08-24 CVE-2021-36690 ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. Sqlite 7.5
2018-12-21 CVE-2018-20346 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. Debian_linux, Chrome, Leap, Linux, Sqlite 8.1
2019-04-03 CVE-2018-20506 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. Icloud, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Leap, Sqlite 8.1
2019-05-30 CVE-2019-8457 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. Ubuntu_linux, Fedora, Leap, Sqlite 9.8
2019-09-09 CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Communications_design_studio, Jdk, Jre, Mysql, Outside_in_technology, Solaris, Zfs_storage_appliance, Sqlite, Nessus_agent 6.5
2019-12-09 CVE-2019-19645 alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. Sqlite 5.5
2019-12-09 CVE-2019-19646 pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. Sqlite 9.8
2020-04-09 CVE-2020-11655 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. Ubuntu_linux, Debian_linux, Ontap_select_deploy_administration_utility, Communications_element_manager, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql, Zfs_storage_appliance_kit, Sqlite 7.5
2020-04-09 CVE-2020-11656 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Ontap_select_deploy_administration_utility, Communications_network_charging_and_control, Enterprise_manager_ops_center, Mysql, Outside_in_technology, Zfs_storage_appliance_kit, Sqlite 9.8