Search CVE reports
31 – 40 of 88 results
Some fixes available 1 of 2
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | — | Not affected | Not affected |
| sqlite3 | — | — | — | Fixed | Not affected |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | — | Not affected | Not affected |
| sqlite3 | — | — | — | Not affected | Not affected |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | — | Not affected | Not affected |
| sqlite3 | — | — | — | Fixed | Fixed |
Some fixes available 2 of 8
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | — | Ignored | Ignored |
| sqlite3 | — | — | — | Fixed | Ignored |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | — | Not affected | Not affected |
| sqlite3 | — | — | — | Fixed | Fixed |
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
1 affected package
sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Not affected |
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
1 affected package
sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Fixed |
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | — | Not affected | Not affected |
| sqlite3 | — | — | — | Not affected | Not affected |
Some fixes available 2 of 11
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Fixed | Not affected |