Product:

Sqlite

(Sqlite)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 58
Date Id Summary Products Score Patch Annotated
2020-05-27 CVE-2020-13632 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Communications_network_charging_and_control, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite 5.5
2020-06-06 CVE-2020-13871 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. Debian_linux, Fedora, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite 7.5
2022-09-01 CVE-2020-35525 In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. Sqlite 7.5
2022-09-01 CVE-2020-35527 In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. Ontap_select_deploy_administration_utility, Sqlite 9.8
2021-03-23 CVE-2021-20227 A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. Communications_network_charging_and_control, Enterprise_manager_for_oracle_database, Jd_edwards_enterpriseone_tools, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sqlite 5.5
2020-01-02 CVE-2019-20218 selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. Ubuntu_linux, Debian_linux, Mysql_workbench, Sqlite 7.5
2015-04-24 CVE-2015-3414 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2015-04-24 CVE-2015-3415 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2015-04-24 CVE-2015-3416 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2019-05-10 CVE-2019-5018 An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Ubuntu_linux, Sqlite 8.1