Search CVE reports
51 – 60 of 81 results
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | — | — | — | Not affected |
| sqlite3 | — | — | — | Not affected |
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | — | Not affected |
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed |
Some fixes available 19 of 31
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
sqlite, sqlite3, chromium-browser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed |
| chromium-browser | Fixed | Fixed | Fixed | Fixed |
Some fixes available 19 of 31
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
sqlite, chromium-browser, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| chromium-browser | Fixed | Fixed | Fixed | Fixed |
| sqlite3 | Not affected | Not affected | Not affected | Fixed |
Some fixes available 19 of 31
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Fixed | Fixed | Fixed | Fixed |
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed |
Some fixes available 19 of 31
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
3 affected packages
chromium-browser, sqlite3, sqlite
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Fixed | Fixed | Fixed | Fixed |
| sqlite3 | Not affected | Not affected | Not affected | Fixed |
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 19 of 31
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Fixed | Fixed | Fixed | Fixed |
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed |
Some fixes available 3 of 4
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | Not affected | Fixed |
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing...
1 affected package
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed |