In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-06-27
Updated
2022-05-12
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
Max CVSS
7.5
EPSS Score
0.98%
Published
2020-06-06
Updated
2022-05-13
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Max CVSS
5.5
EPSS Score
0.09%
Published
2020-05-27
Updated
2022-05-13
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-05-27
Updated
2022-05-13
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Max CVSS
7.0
EPSS Score
0.06%
Published
2020-05-27
Updated
2022-05-13
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-05-24
Updated
2021-06-14
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Max CVSS
5.5
EPSS Score
0.13%
Published
2020-05-24
Updated
2023-01-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Max CVSS
9.8
EPSS Score
1.08%
Published
2020-04-09
Updated
2022-04-08
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Max CVSS
7.5
EPSS Score
1.25%
Published
2020-04-09
Updated
2022-04-08
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Max CVSS
7.5
EPSS Score
1.05%
Published
2020-02-21
Updated
2022-04-08
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
Max CVSS
7.5
EPSS Score
1.14%
Published
2020-01-02
Updated
2022-10-07
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
Max CVSS
7.5
EPSS Score
0.18%
Published
2020-01-03
Updated
2020-11-09
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!