SQLite
by SQLite
Source repositories
CVEs (71)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-20227 | 0.00 | — | 0.01 | Mar 23, 2021 | A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat… | |||
| CVE-2020-15358 | 0.00 | — | 0.01 | Jun 27, 2020 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | |||
| CVE-2020-13871 | 0.00 | — | 0.04 | Jun 6, 2020 | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | |||
| CVE-2020-13630 | 0.00 | — | 0.01 | May 27, 2020 | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | |||
| CVE-2020-13631 | 0.00 | — | 0.01 | May 27, 2020 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | |||
| CVE-2020-13632 | 0.00 | — | 0.01 | May 27, 2020 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | |||
| CVE-2020-13434 | 0.00 | — | 0.01 | May 24, 2020 | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | |||
| CVE-2020-13435 | 0.00 | — | 0.01 | May 24, 2020 | SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | |||
| CVE-2020-11655 | 0.00 | — | 0.05 | Apr 9, 2020 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | |||
| CVE-2020-11656 | 0.00 | — | 0.07 | Apr 9, 2020 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | |||
| CVE-2020-9327 | 0.00 | — | 0.04 | Feb 21, 2020 | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | |||
| CVE-2019-19959 | 0.00 | — | 0.03 | Jan 3, 2020 | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | |||
| CVE-2019-20218 | 0.00 | — | 0.04 | Jan 2, 2020 | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | |||
| CVE-2019-13752 | 0.00 | — | 0.02 | Dec 10, 2019 | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-19646 | 0.00 | — | 0.05 | Dec 9, 2019 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | |||
| CVE-2019-19645 | 0.00 | — | 0.01 | Dec 9, 2019 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | |||
| CVE-2019-19317 | 0.00 | — | 0.04 | Dec 5, 2019 | lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||
| CVE-2019-19244 | 0.00 | — | 0.03 | Nov 25, 2019 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | |||
| CVE-2019-19242 | 0.00 | — | 0.03 | Nov 25, 2019 | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | |||
| CVE-2019-5827 | 0.00 | — | 0.02 | Jun 27, 2019 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
- CVE-2021-20227Mar 23, 2021risk 0.00cvss —epss 0.01
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat…
- CVE-2020-15358Jun 27, 2020risk 0.00cvss —epss 0.01
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
- CVE-2020-13871Jun 6, 2020risk 0.00cvss —epss 0.04
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
- CVE-2020-13630May 27, 2020risk 0.00cvss —epss 0.01
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
- CVE-2020-13631May 27, 2020risk 0.00cvss —epss 0.01
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
- CVE-2020-13632May 27, 2020risk 0.00cvss —epss 0.01
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
- CVE-2020-13434May 24, 2020risk 0.00cvss —epss 0.01
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
- CVE-2020-13435May 24, 2020risk 0.00cvss —epss 0.01
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
- CVE-2020-11655Apr 9, 2020risk 0.00cvss —epss 0.05
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
- CVE-2020-11656Apr 9, 2020risk 0.00cvss —epss 0.07
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
- CVE-2020-9327Feb 21, 2020risk 0.00cvss —epss 0.04
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
- CVE-2019-19959Jan 3, 2020risk 0.00cvss —epss 0.03
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
- CVE-2019-20218Jan 2, 2020risk 0.00cvss —epss 0.04
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
- CVE-2019-13752Dec 10, 2019risk 0.00cvss —epss 0.02
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- CVE-2019-19646Dec 9, 2019risk 0.00cvss —epss 0.05
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
- CVE-2019-19645Dec 9, 2019risk 0.00cvss —epss 0.01
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
- CVE-2019-19317Dec 5, 2019risk 0.00cvss —epss 0.04
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- CVE-2019-19244Nov 25, 2019risk 0.00cvss —epss 0.03
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
- CVE-2019-19242Nov 25, 2019risk 0.00cvss —epss 0.03
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
- CVE-2019-5827Jun 27, 2019risk 0.00cvss —epss 0.02
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Page 3 of 4