SQLite

by SQLite

CVEs (71)

  • CVE-2021-20227 (Mar 23, 2021)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat…

  • CVE-2020-15358 (Jun 27, 2020)
    risk 0.00 | cvss | epss 0.01

    In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

  • CVE-2020-13871 (Jun 6, 2020)
    risk 0.00 | cvss | epss 0.04

    SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

  • CVE-2020-13630 (May 27, 2020)
    risk 0.00 | cvss | epss 0.01

    ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

  • CVE-2020-13631 (May 27, 2020)
    risk 0.00 | cvss | epss 0.01

    SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

  • CVE-2020-13632 (May 27, 2020)
    risk 0.00 | cvss | epss 0.01

    ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

  • CVE-2020-13434 (May 24, 2020)
    risk 0.00 | cvss | epss 0.01

    SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

  • CVE-2020-13435 (May 24, 2020)
    risk 0.00 | cvss | epss 0.01

    SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

  • CVE-2020-11655 (Apr 9, 2020)
    risk 0.00 | cvss | epss 0.05

    SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

  • CVE-2020-11656 (Apr 9, 2020)
    risk 0.00 | cvss | epss 0.07

    In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

  • CVE-2020-9327 (Feb 21, 2020)
    risk 0.00 | cvss | epss 0.04

    In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

  • CVE-2019-19959 (Jan 3, 2020)
    risk 0.00 | cvss | epss 0.03

    ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

  • CVE-2019-20218 (Jan 2, 2020)
    risk 0.00 | cvss | epss 0.04

    selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

  • CVE-2019-13752 (Dec 10, 2019)
    risk 0.00 | cvss | epss 0.02

    Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2019-19646 (Dec 9, 2019)
    risk 0.00 | cvss | epss 0.05

    pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

  • CVE-2019-19645 (Dec 9, 2019)
    risk 0.00 | cvss | epss 0.01

    alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

  • CVE-2019-19317 (Dec 5, 2019)
    risk 0.00 | cvss | epss 0.04

    lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2019-19244 (Nov 25, 2019)
    risk 0.00 | cvss | epss 0.03

    sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

  • CVE-2019-19242 (Nov 25, 2019)
    risk 0.00 | cvss | epss 0.03

    SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

  • CVE-2019-5827 (Jun 27, 2019)
    risk 0.00 | cvss | epss 0.02

    Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.