Search CVE reports
31 – 40 of 81 results
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | Fixed | Not affected |
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | Fixed | Fixed |
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | — | Not affected | Not affected |
| sqlite3 | — | — | Not affected | Not affected |
Some fixes available 2 of 12
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Fixed | Not affected |
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed |
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed |
Some fixes available 34 of 65
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
5 affected packages
chromium, db5.3, sqlite3, qtwebengine-opensource-src, sqlcipher
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium | Not in release | Not in release | Not in release | Not in release |
| db5.3 | Fixed | Fixed | Fixed | Fixed |
| sqlite3 | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlcipher | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 6 of 20
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3 affected packages
sqlite, chromium-browser, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| chromium-browser | Not affected | Not affected | Not in release | Fixed |
| sqlite3 | Not affected | Not affected | Not affected | Fixed |
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution....
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | — | Not affected |
Some fixes available 3 of 4
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | Not affected | Not affected | Not affected | Fixed |