Package details: pkg:deb/debian/sqlite3@3.40.1-2%2Bdeb12u1
purl pkg:deb/debian/sqlite3@3.40.1-2%2Bdeb12u1
Next non-vulnerable version 3.46.1-7
Latest non-vulnerable version 3.46.1-7
Risk 4.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-macf-2xgx-6yfv
Aliases:
CVE-2025-6965
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
3.46.1-7
Affected by 0 other vulnerabilities.
VCID-uh8c-3dwn-5bce
Aliases:
CVE-2025-29088
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
3.46.1-7
Affected by 0 other vulnerabilities.
VCID-vrnh-msaa-67a1
Aliases:
CVE-2025-7458
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
3.46.1-7
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-7r9m-bmx1-pfhr
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Aliases:
CVE-2022-35737
GHSA-jw36-hf63-69r9
VCID-uwe8-xnmp-5kh1
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
Aliases:
CVE-2023-7104
VCID-z47k-7g96-puev
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Aliases:
CVE-2021-36690

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T14:46:45.301937+00:00 Debian Oval Importer Fixing VCID-z47k-7g96-puev https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:21:49.869971+00:00 Debian Importer Affected by VCID-macf-2xgx-6yfv https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:57:21.913744+00:00 Debian Importer Affected by VCID-uh8c-3dwn-5bce https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:40:11.552808+00:00 Debian Importer Fixing VCID-7r9m-bmx1-pfhr https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:14:27.430432+00:00 Debian Importer Affected by VCID-vrnh-msaa-67a1 https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T11:54:28.412369+00:00 Debian Oval Importer Fixing VCID-uwe8-xnmp-5kh1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0