rpm package

opensuse/sqlite3&distro=openSUSE Leap Micro 5.2

pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%20Micro%205.2

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-46908	—	< 3.39.3-150000.3.20.1	3.39.3-150000.3.20.1	Dec 12, 2022	SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
CVE-2022-35737	—	< 3.39.3-150000.3.17.1	3.39.3-150000.3.17.1	Aug 3, 2022	SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
CVE-2021-36690	—	< 3.39.3-150000.3.17.1	3.39.3-150000.3.17.1	Aug 24, 2021	A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is in

CVE-2022-46908Dec 12, 2022
affected < 3.39.3-150000.3.20.1fixed 3.39.3-150000.3.20.1
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
CVE-2022-35737Aug 3, 2022
affected < 3.39.3-150000.3.17.1fixed 3.39.3-150000.3.17.1
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
CVE-2021-36690Aug 24, 2021
affected < 3.39.3-150000.3.17.1fixed 3.39.3-150000.3.17.1
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is in