Latest SQLite Vulnerabilities

SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
ubuntu/sqlite3<3.31.1-4ubuntu0.6
ubuntu/sqlite3<3.37.2-2ubuntu0.3
ubuntu/sqlite3<3.40.1-1ubuntu0.1
ubuntu/sqlite3<3.42.0-1ubuntu0.1
ubuntu/sqlite3<3.44.2-1
SQLite SQLite<=3.43.0
and 6 more
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
SQLite SQLite=3.35.4
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions suc...
SQLite SQLite>=3.37.0<3.40.1
ubuntu/sqlite3<3.41.0
ubuntu/sqlite3<3.37.2-2ubuntu0.3
debian/sqlite
debian/sqlite3
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
SQLite SQLite=3.31.1
NetApp ONTAP Select Deploy administration utility
In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing.
SQLite SQLite=3.31.1
MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow
SQLite SQLite>=1.0.12<3.39.2
NetApp ONTAP Select Deploy administration utility
Microsoft Windows 10=22H2
Microsoft Windows 10=22H2
Microsoft Windows Server 2022
Microsoft Windows 10=21H2
and 17 more
** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record...
SQLite SQLite=3.35.1
SQLite SQLite=3.37.0
NetApp ONTAP Select Deploy administration utility
=3.35.1
=3.37.0
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes t...
IBM DRM<=2.0.6
SQLite SQLite=3.36.0
Oracle ZFS Storage Appliance Kit=8.8
Apple iPhone OS<16.0
Apple macOS<13.0
Apple tvOS<16.0
and 11 more
SQLite 3.34.1 fixes a potential use-after-free bug when processing a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate. References: ...
redhat/sqlite<3.34.1
IBM DRM<=2.0.6
SQLite SQLite>=3.33.0<3.34.1
Oracle Communications Network Charging And Control>=12.0.1.0<=12.0.4.0.0
Oracle Communications Network Charging And Control=6.0.1
Oracle Enterprise Manager For Oracle Database=13.4.0.0
and 4 more
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
IBM Security Verify Access<=10.0.0
Apple iCloud for Windows<7.21
Apple macOS Big Sur<11.0.1
Google Android
Apple macOS Big Sur<11.2
Apple Catalina
and 27 more
SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to c...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.32.2
Fedoraproject Fedora=33
Debian Debian Linux=9.0
Oracle Communications Messaging Server=8.1
Oracle Communications Network Charging And Control=6.0.1
and 9 more
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
redhat/sqlite<3.32.0
ubuntu/sqlite3<3.22.0-1ubuntu0.4
ubuntu/sqlite3<3.29.0-2ubuntu0.3
ubuntu/sqlite3<3.31.1-4ubuntu0.1
ubuntu/sqlite3<3.32.0-1
ubuntu/sqlite3<3.11.0-1ubuntu1.5
and 22 more
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
<3.32.0
=32
=16.04
=18.04
=19.10
=20.04
and 55 more
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
<3.32.0
=32
=16.04
=18.04
=19.10
=20.04
and 59 more
SQLite is vulnerable to a denial of service, caused by an integer overflow in the sqlite3_str_vappendf function. By sending a specially-crafted request, a remote attacker could overflow a buffer and c...
IBM Security Verify Access<=10.0.0
Apple iTunes for Windows<12.10.9
Apple iCloud for Windows<11.5
Apple macOS Big Sur<11.0.1
Apple watchOS<7.0
Apple tvOS<14.0
and 53 more
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
SQLite SQLite<=3.32.0
Fedoraproject Fedora=32
Apple iTunes for Windows<12.10.9
Apple iCloud for Windows<11.5
Apple macOS Big Sur<11.0.1
Apple watchOS<7.0
and 9 more
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
SQLite SQLite<=3.31.1
NetApp ONTAP Select Deploy administration utility
Oracle Communications Network Charging And Control>=12.0.0<=12.0.3
Oracle Communications Network Charging And Control=6.0.1
Oracle Communications Network Charging And Control=12.0.2
Oracle Enterprise Manager Ops Center=12.4.0.0
and 9 more
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
SQLite SQLite<=3.31.1
NetApp ONTAP Select Deploy administration utility
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 26 more
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
SQLite SQLite=3.31.1
Netapp Cloud Backup
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Siemens Sinec Infrastructure Network Services<1.0.1.1
and 15 more
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
ubuntu/sqlite3<3.22.0-1ubuntu0.3
and 4 more
An unspecified error in selectExpander in select.c in SQLite has an unknown impact and attack vector.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Debian Debian Linux=9.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
and 7 more
SQLite is vulnerable to a denial of service, caused by the mishandling of a NULL pathname in the zipfileUpdate function in ext/misc/zipfile.c. By sending a specially-crafted request, a remote attacker...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inco...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 16 more
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Apache Bookkeeper=4.12.1
Oracle Mysql Workbench<=8.0.19
Netapp Cloud Backup
and 4 more
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Oracle Mysql Workbench<=8.0.19
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 17 more
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Netapp Cloud Backup
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Suse Package Hub
and 14 more
An unspecified error related to the mishandling of NOT NULL in an integrity_check PRAGMA command in pragma.c in SQLite has an unknown impact and attack vector.
IBM Data Risk Manager<=2.0.6
SQLite SQLite<=3.30.1
Siemens Sinec Infrastructure Network Services<1.0.1.1
Tenable Tenable.sc<5.19.0
Oracle Mysql Workbench<=8.0.19
Netapp Cloud Backup
and 1 more
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
IBM Data Risk Manager<=2.0.6
SQLite SQLite<=3.30.1
Netapp Cloud Backup
NetApp ONTAP Select Deploy administration utility
Oracle Mysql Workbench<=8.0.19
Tenable Tenable.sc<5.19.0
and 4 more
An error during handling of CREATE TABLE and CREATE VIEW statements in SQLite has an unknown impact via a specially crafted table name.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Oracle Mysql Workbench<=8.0.19
Siemens Sinec Infrastructure Network Services<1.0.1.1
Siemens Sinec Infrastructure Network Services=1.0.1.1
Apache Guacamole=1.3.0
and 5 more
SQLite is vulnerable to a denial of service, caused by an error in lookupName in resolve.c. By providing specially crafted input, a remote attacker could exploit this vulnerability to cause the applic...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Netapp Cloud Backup
NetApp ONTAP Select Deploy administration utility
Oracle Mysql Workbench<=8.0.19
Siemens Sinec Infrastructure Network Services<1.0.1.1
An unspecified error with the mishandling of pExpr->y.pTab in the sqlite3ExprCodeTarget function in expr.c in SQLite has an unknown impact and attack vector.
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
and 8 more
SQLite is vulnerable to a denial of service, caused by an error in sqlite3Select in select.c. By providing specially crafted input, a remote attacker could exploit this vulnerability to cause the appl...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.30.1
Canonical Ubuntu Linux=19.04
Canonical Ubuntu Linux=19.10
Oracle Mysql Workbench<=8.0.19
Siemens Sinec Infrastructure Network Services<1.0.1.1
and 4 more
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the q...
IBM Data Risk Manager<=2.0.6
ubuntu/sqlite3<3.22.0-1ubuntu0.2
ubuntu/sqlite3<3.27.2-2ubuntu0.2
ubuntu/sqlite3<3.29.0-2
ubuntu/sqlite3<3.11.0-1ubuntu1.3
debian/sqlite
and 28 more
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
SQLite SQLite>=3.6.0<=3.27.2
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Canonical Ubuntu Linux=19.04
and 36 more
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulti...
SQLite SQLite=3.26.0
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Canonical Ubuntu Linux=19.10
and 6 more
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related...
SQLite SQLite=3.27.2
Google Android
ubuntu/sqlite3<3.22.0-1ubuntu0.1
ubuntu/sqlite3<3.24.0-1ubuntu0.1
ubuntu/sqlite3<3.27.2-2
ubuntu/sqlite3<3.11.0-1ubuntu1.2
and 2 more
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5...
SQLite SQLite=3.27.2
ubuntu/sqlite3<3.22.0-1ubuntu0.1
ubuntu/sqlite3<3.24.0-1ubuntu0.1
ubuntu/sqlite3<3.27.2-2
ubuntu/sqlite3<3.11.0-1ubuntu1.2
debian/sqlite
and 1 more
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL sta...
Apple iCloud for Windows<7.10
Apple iTunes for Windows<12.9.3
Apple watchOS<5.1.3
Apple macOS Mojave<10.14.3
Apple High Sierra
Apple Sierra
and 17 more
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FT...
Apple iCloud for Windows<7.10
Apple iTunes for Windows<12.9.3
Apple watchOS<5.1.3
Apple macOS Mojave<10.14.3
Apple High Sierra
Apple Sierra
and 21 more
Multiple flaws were found in sqlite. An attacker who is able to run arbitrary SQL statements could use this flaw to corrupt the internal databases, which can lead to arbitrary code execution as the us...
Apple iCloud for Windows<7.10
Apple iTunes for Windows<12.9.3
SQLite SQLite<3.25.3
Google Chrome<71.0.3578.80
Redhat Linux=6.0
Debian Debian Linux=8.0
and 18 more

© 2024 SecAlerts Pty Ltd.