Search CVE reports
11 – 20 of 88 results
Some fixes available 8 of 13
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Fixed | Fixed | Fixed | Fixed |
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g.,...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | — | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Fixed | Not affected | Not affected | Not affected |
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application,...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler....
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Not affected | Fixed | Fixed | Fixed |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | Not affected | Not affected | Not affected |
| sqlite3 | — | — | Not affected | Not affected | Not affected |
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | Not affected | Not affected | Not affected |
| sqlite3 | — | — | Not affected | Not affected | Not affected |
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious...
1 affected package
node-sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-sqlite3 | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 2
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | Not affected | Not affected | Not affected |
| sqlite3 | — | — | Fixed | Not affected | Not affected |
Some fixes available 1 of 2
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | Not affected | Not affected | Not affected |
| sqlite3 | — | — | Not affected | Fixed | Ignored |