rpm package
almalinux/sqlite
pkg:rpm/almalinux/sqlite
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6965 | Cri | 9.8 | < 3.46.1-5.el10_0 | 3.46.1-5.el10_0 | Jul 15, 2025 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | |
| CVE-2025-3277 | — | < 3.46.1-4.el10_0 | 3.46.1-4.el10_0 | Apr 14, 2025 | An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of | ||
| CVE-2023-7104 | — | < 3.26.0-19.el8_9 | 3.26.0-19.el8_9 | Dec 25, 2023 | A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recom | ||
| CVE-2020-24736 | — | < 3.26.0-18.el8_8 | 3.26.0-18.el8_8 | Apr 11, 2023 | Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. | ||
| CVE-2020-35527 | — | < 3.26.0-16.el8_6 | 3.26.0-16.el8_6 | Sep 1, 2022 | In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. | ||
| CVE-2020-35525 | — | < 3.26.0-16.el8_6 | 3.26.0-16.el8_6 | Sep 1, 2022 | In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. | ||
| CVE-2022-35737 | — | < 3.26.0-17.el8_7 | 3.26.0-17.el8_7 | Aug 3, 2022 | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | ||
| CVE-2020-13435 | — | < 3.26.0-15.el8 | 3.26.0-15.el8 | May 24, 2020 | SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | ||
| CVE-2019-13751 | — | < 3.26.0-15.el8 | 3.26.0-15.el8 | Dec 10, 2019 | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2019-13750 | — | < 3.26.0-15.el8 | 3.26.0-15.el8 | Dec 10, 2019 | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | ||
| CVE-2019-19603 | — | < 3.26.0-15.el8 | 3.26.0-15.el8 | Dec 9, 2019 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | ||
| CVE-2019-5827 | — | < 3.26.0-15.el8 | 3.26.0-15.el8 | Jun 27, 2019 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
- affected < 3.46.1-5.el10_0fixed 3.46.1-5.el10_0
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
- CVE-2025-3277Apr 14, 2025affected < 3.46.1-4.el10_0fixed 3.46.1-4.el10_0
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of
- CVE-2023-7104Dec 25, 2023affected < 3.26.0-19.el8_9fixed 3.26.0-19.el8_9
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recom
- CVE-2020-24736Apr 11, 2023affected < 3.26.0-18.el8_8fixed 3.26.0-18.el8_8
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.
- CVE-2020-35527Sep 1, 2022affected < 3.26.0-16.el8_6fixed 3.26.0-16.el8_6
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
- CVE-2020-35525Sep 1, 2022affected < 3.26.0-16.el8_6fixed 3.26.0-16.el8_6
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
- CVE-2022-35737Aug 3, 2022affected < 3.26.0-17.el8_7fixed 3.26.0-17.el8_7
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
- CVE-2020-13435May 24, 2020affected < 3.26.0-15.el8fixed 3.26.0-15.el8
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
- CVE-2019-13751Dec 10, 2019affected < 3.26.0-15.el8fixed 3.26.0-15.el8
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- CVE-2019-13750Dec 10, 2019affected < 3.26.0-15.el8fixed 3.26.0-15.el8
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
- CVE-2019-19603Dec 9, 2019affected < 3.26.0-15.el8fixed 3.26.0-15.el8
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
- CVE-2019-5827Jun 27, 2019affected < 3.26.0-15.el8fixed 3.26.0-15.el8
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.