A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
Max CVSS
5.5
EPSS Score
0.06%
Published
2024-01-16
Updated
2024-02-23
sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-06-23
Updated
2023-07-04
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
Max CVSS
7.3
EPSS Score
0.13%
Published
2023-12-29
Updated
2024-01-12
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
Max CVSS
7.3
EPSS Score
0.05%
Published
2022-12-12
Updated
2023-11-24
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Max CVSS
7.5
EPSS Score
0.21%
Published
2022-08-03
Updated
2022-11-16
** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
Max CVSS
4.3
EPSS Score
0.22%
Published
2022-02-14
Updated
2022-11-23
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Max CVSS
7.5
EPSS Score
0.36%
Published
2021-08-24
Updated
2023-03-03
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
Max CVSS
7.5
EPSS Score
0.18%
Published
2023-05-09
Updated
2023-11-24
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Max CVSS
5.5
EPSS Score
0.07%
Published
2021-03-23
Updated
2022-11-16
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-09-01
Updated
2022-12-08
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
Max CVSS
7.5
EPSS Score
0.08%
Published
2022-09-01
Updated
2023-07-06
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-06-27
Updated
2022-05-12
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
Max CVSS
7.5
EPSS Score
0.98%
Published
2020-06-06
Updated
2022-05-13
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Max CVSS
5.5
EPSS Score
0.09%
Published
2020-05-27
Updated
2022-05-13
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-05-27
Updated
2022-05-13
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Max CVSS
7.0
EPSS Score
0.06%
Published
2020-05-27
Updated
2022-05-13
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-05-24
Updated
2021-06-14
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Max CVSS
5.5
EPSS Score
0.13%
Published
2020-05-24
Updated
2023-01-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Max CVSS
9.8
EPSS Score
1.08%
Published
2020-04-09
Updated
2022-04-08
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Max CVSS
7.5
EPSS Score
1.25%
Published
2020-04-09
Updated
2022-04-08
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Max CVSS
7.5
EPSS Score
1.05%
Published
2020-02-21
Updated
2022-04-08
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
Max CVSS
7.5
EPSS Score
1.14%
Published
2020-01-02
Updated
2022-10-07
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
Max CVSS
7.5
EPSS Score
0.18%
Published
2020-01-03
Updated
2020-11-09
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Max CVSS
7.5
EPSS Score
1.40%
Published
2019-12-23
Updated
2022-04-15
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Max CVSS
7.5
EPSS Score
1.51%
Published
2019-12-24
Updated
2022-04-15
58 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!