rpm package
suse/sqlite3&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/sqlite3&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-11824 | Hig | 7.8 | < 3.53.2-160000.1.1 | 3.53.2-160000.1.1 | Jun 9, 2026 | SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value sma | |
| CVE-2026-11822 | Hig | 7.8 | < 3.53.2-160000.1.1 | 3.53.2-160000.1.1 | Jun 9, 2026 | SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigge | |
| CVE-2025-70873 | Hig | 7.5 | < 3.51.3-160000.1.1 | 3.51.3-160000.1.1 | Mar 12, 2026 | An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file. | |
| CVE-2025-7709 | Med | — | < 3.51.3-160000.1.1 | 3.51.3-160000.1.1 | Sep 8, 2025 | An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds. |
- affected < 3.53.2-160000.1.1fixed 3.53.2-160000.1.1
SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value sma
- affected < 3.53.2-160000.1.1fixed 3.53.2-160000.1.1
SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigge
- affected < 3.51.3-160000.1.1fixed 3.51.3-160000.1.1
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
- affected < 3.51.3-160000.1.1fixed 3.51.3-160000.1.1
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.