VYPR

rpm package

suse/sqlite3&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS

Vulnerabilities (23)

  • CVE-2022-35737HigAug 3, 2022
    affected < 3.39.3-150000.3.17.1fixed 3.39.3-150000.3.17.1

    SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

  • CVE-2021-36690HigAug 24, 2021
    affected < 3.39.3-150000.3.17.1fixed 3.39.3-150000.3.17.1

    A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is in

  • CVE-2020-15358MedJun 27, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

  • CVE-2020-13632MedMay 27, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

  • CVE-2020-13631MedMay 27, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

  • CVE-2020-13630HigMay 27, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

  • CVE-2020-13435MedMay 24, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

  • CVE-2020-13434MedMay 24, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

  • CVE-2020-9327HigFeb 21, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

  • CVE-2019-19959HigJan 3, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

  • CVE-2019-20218HigJan 2, 2020
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

  • CVE-2019-19925HigDec 24, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

  • CVE-2019-19924MedDec 24, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

  • CVE-2019-19923HigDec 24, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

  • CVE-2019-19926HigDec 23, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

  • CVE-2019-19880HigDec 18, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

  • CVE-2019-19646CriDec 9, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

  • CVE-2019-19603HigDec 9, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

  • CVE-2019-19645MedDec 9, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

  • CVE-2019-19317CriDec 5, 2019
    affected < 3.36.0-3.12.1fixed 3.36.0-3.12.1

    lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Page 1 of 2