rpm package
suse/sqlite3&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/sqlite3&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (31)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-46908 | — | < 3.39.3-9.26.1 | 3.39.3-9.26.1 | Dec 12, 2022 | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | ||
| CVE-2022-35737 | — | < 3.39.3-9.23.1 | 3.39.3-9.23.1 | Aug 3, 2022 | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | ||
| CVE-2021-36690 | — | < 3.39.3-9.23.1 | 3.39.3-9.23.1 | Aug 24, 2021 | A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is in | ||
| CVE-2020-15358 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Jun 27, 2020 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | ||
| CVE-2020-13630 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | May 27, 2020 | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | ||
| CVE-2020-13631 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | May 27, 2020 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | ||
| CVE-2020-13632 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | May 27, 2020 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | ||
| CVE-2020-13434 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | May 24, 2020 | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | ||
| CVE-2020-13435 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | May 24, 2020 | SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | ||
| CVE-2020-9327 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Feb 21, 2020 | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | ||
| CVE-2019-19959 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Jan 3, 2020 | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | ||
| CVE-2019-20218 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Jan 2, 2020 | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | ||
| CVE-2019-19925 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 24, 2019 | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | ||
| CVE-2019-19924 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 24, 2019 | SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | ||
| CVE-2019-19923 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 24, 2019 | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | ||
| CVE-2019-19926 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 23, 2019 | multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | ||
| CVE-2019-19880 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 18, 2019 | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | ||
| CVE-2019-19603 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 9, 2019 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | ||
| CVE-2019-19646 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 9, 2019 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | ||
| CVE-2019-19645 | — | < 3.36.0-9.18.1 | 3.36.0-9.18.1 | Dec 9, 2019 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. |
- CVE-2022-46908Dec 12, 2022affected < 3.39.3-9.26.1fixed 3.39.3-9.26.1
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
- CVE-2022-35737Aug 3, 2022affected < 3.39.3-9.23.1fixed 3.39.3-9.23.1
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
- CVE-2021-36690Aug 24, 2021affected < 3.39.3-9.23.1fixed 3.39.3-9.23.1
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is in
- CVE-2020-15358Jun 27, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
- CVE-2020-13630May 27, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
- CVE-2020-13631May 27, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
- CVE-2020-13632May 27, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
- CVE-2020-13434May 24, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
- CVE-2020-13435May 24, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
- CVE-2020-9327Feb 21, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
- CVE-2019-19959Jan 3, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
- CVE-2019-20218Jan 2, 2020affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
- CVE-2019-19925Dec 24, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
- CVE-2019-19924Dec 24, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
- CVE-2019-19923Dec 24, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
- CVE-2019-19926Dec 23, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
- CVE-2019-19880Dec 18, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
- CVE-2019-19603Dec 9, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
- CVE-2019-19646Dec 9, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
- CVE-2019-19645Dec 9, 2019affected < 3.36.0-9.18.1fixed 3.36.0-9.18.1
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
Page 1 of 2