Product:

Sqlite

(Sqlite)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 38
Date ID Summary Products Score Patch
2019-05-30 CVE-2019-8457 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. Ubuntu_linux, Fedora, Leap, Sqlite N/A
2020-01-02 CVE-2019-20218 selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. Sqlite N/A
2019-12-24 CVE-2019-19925 zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Sqlite N/A
2019-12-24 CVE-2019-19923 flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). Sqlite N/A
2019-12-18 CVE-2019-19880 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Sqlite N/A
2019-09-09 CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." Ubuntu_linux, Fedora, Ontap_select_deploy_administration_utility, Leap, Sqlite N/A
2019-12-23 CVE-2019-19926 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. Sqlite N/A
2019-12-24 CVE-2019-19924 SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. Sqlite N/A
2020-01-03 CVE-2019-19959 ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. Sqlite N/A
2019-12-05 CVE-2019-19317 lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. Sqlite N/A