A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
Max CVSS
7.3
EPSS Score
0.13%
Published
2023-12-29
Updated
2024-03-21
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
Max CVSS
7.3
EPSS Score
0.05%
Published
2022-12-12
Updated
2023-11-24
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Max CVSS
7.5
EPSS Score
0.25%
Published
2022-08-03
Updated
2024-03-27
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Max CVSS
7.5
EPSS Score
0.27%
Published
2021-08-24
Updated
2024-03-21
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
Max CVSS
7.5
EPSS Score
0.18%
Published
2023-05-09
Updated
2023-11-24
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
Max CVSS
9.8
EPSS Score
0.22%
Published
2022-09-01
Updated
2022-12-08
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
Max CVSS
7.5
EPSS Score
0.08%
Published
2022-09-01
Updated
2023-07-06
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
Max CVSS
7.5
EPSS Score
0.98%
Published
2020-06-06
Updated
2022-05-13
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Max CVSS
7.0
EPSS Score
0.06%
Published
2020-05-27
Updated
2022-05-13
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Max CVSS
9.8
EPSS Score
1.08%
Published
2020-04-09
Updated
2022-04-08
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Max CVSS
7.5
EPSS Score
1.64%
Published
2020-04-09
Updated
2022-04-08
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Max CVSS
7.5
EPSS Score
1.05%
Published
2020-02-21
Updated
2022-04-08
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
Max CVSS
7.5
EPSS Score
1.14%
Published
2020-01-02
Updated
2022-10-07
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
Max CVSS
7.5
EPSS Score
0.18%
Published
2020-01-03
Updated
2020-11-09
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Max CVSS
7.5
EPSS Score
1.40%
Published
2019-12-23
Updated
2022-04-15
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Max CVSS
7.5
EPSS Score
1.51%
Published
2019-12-24
Updated
2022-04-15
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
Max CVSS
7.5
EPSS Score
1.07%
Published
2019-12-24
Updated
2022-04-15
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
Max CVSS
7.5
EPSS Score
1.07%
Published
2019-12-18
Updated
2022-04-15
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Max CVSS
9.8
EPSS Score
1.35%
Published
2019-12-09
Updated
2022-04-15
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
Max CVSS
7.5
EPSS Score
0.32%
Published
2019-12-09
Updated
2022-04-15
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.22%
Published
2019-12-05
Updated
2022-04-15
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
Max CVSS
7.5
EPSS Score
0.12%
Published
2019-11-25
Updated
2022-04-15
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Max CVSS
6.5
EPSS Score
0.41%
Published
2019-09-09
Updated
2023-03-23
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
Max CVSS
7.5
EPSS Score
4.59%
Published
2019-03-22
Updated
2020-08-23
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
Max CVSS
7.5
EPSS Score
4.59%
Published
2019-03-22
Updated
2020-08-23
41 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!