VulnerableCode Package Details - pkg:deb/debian/sqlite3@3.40.1-2%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7r9m-bmx1-pfhr	SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.	CVE-2022-35737 GHSA-jw36-hf63-69r9
VCID-macf-2xgx-6yfv	There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.	CVE-2025-6965
VCID-uh8c-3dwn-5bce	In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.	CVE-2025-29088
VCID-uwe8-xnmp-5kh1	A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.	CVE-2023-7104
VCID-vrnh-msaa-67a1	An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.	CVE-2025-7458
VCID-z47k-7g96-puev	A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.	CVE-2021-36690

Vulnerability

Summary

Aliases

VCID-7r9m-bmx1-pfhr

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

CVE-2022-35737
GHSA-jw36-hf63-69r9

VCID-macf-2xgx-6yfv

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

CVE-2025-6965

VCID-uh8c-3dwn-5bce

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.

CVE-2025-29088

VCID-uwe8-xnmp-5kh1

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

CVE-2023-7104

VCID-vrnh-msaa-67a1

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

CVE-2025-7458

VCID-z47k-7g96-puev

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

CVE-2021-36690

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-09-09T23:59:59.628509+00:00	Debian Oval Importer	Fixing	VCID-z47k-7g96-puev	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T21:04:31.721143+00:00	Debian Importer	Fixing	VCID-macf-2xgx-6yfv	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-09-09T20:10:37.070558+00:00	Debian Importer	Fixing	VCID-uh8c-3dwn-5bce	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-09-09T19:51:23.555945+00:00	Debian Oval Importer	Fixing	VCID-uwe8-xnmp-5kh1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T19:40:46.494168+00:00	Debian Importer	Fixing	VCID-7r9m-bmx1-pfhr	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-09-09T18:56:33.199817+00:00	Debian Importer	Fixing	VCID-vrnh-msaa-67a1	https://security-tracker.debian.org/tracker/data/json	37.0.0