Search for packages
| purl | pkg:deb/ubuntu/sqlite3@3.22.0-1ubuntu0.3 |
| Next non-vulnerable version | 3.31.1-4ubuntu0.2 |
| Latest non-vulnerable version | 3.31.1-4ubuntu0.2 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-227a-c7y7-aaah
Aliases: CVE-2020-9327 |
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. |
Affected by 9 other vulnerabilities. |
|
VCID-4pf6-reg9-aaab
Aliases: CVE-2020-13434 |
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
Affected by 8 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-4vdc-rrqy-aaaq
Aliases: CVE-2019-20218 |
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-5n57-agr1-aaah
Aliases: CVE-2020-13632 |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. |
Affected by 8 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-9veb-ed57-aaab
Aliases: CVE-2019-5827 |
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Affected by 25 other vulnerabilities. |
|
VCID-cfnz-66fy-aaak
Aliases: CVE-2020-13631 |
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
Affected by 8 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-d1jp-bvsh-aaas
Aliases: CVE-2019-13750 |
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-j5e7-v3a9-aaaf
Aliases: CVE-2019-5018 |
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. |
Affected by 25 other vulnerabilities. |
|
VCID-k8mw-375e-aaaa
Aliases: CVE-2019-19923 |
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). |
Affected by 9 other vulnerabilities. |
|
VCID-k9rk-9qya-aaab
Aliases: CVE-2019-19645 |
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. |
Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-m77k-ax1z-aaam
Aliases: CVE-2018-8740 |
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. |
Affected by 28 other vulnerabilities. |
|
VCID-mv66-zgd3-aaap
Aliases: CVE-2019-13752 |
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-mx17-vf2g-aaas
Aliases: CVE-2019-19924 |
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. |
Affected by 9 other vulnerabilities. |
|
VCID-p3bp-nq76-aaak
Aliases: CVE-2019-13751 |
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-p3ns-dp4z-aaak
Aliases: CVE-2019-16168 |
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." |
Affected by 24 other vulnerabilities. |
|
VCID-pcm1-uvnf-aaah
Aliases: CVE-2019-19959 |
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. |
Affected by 9 other vulnerabilities. |
|
VCID-psdz-r5t1-aaan
Aliases: CVE-2019-13734 |
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-ptpe-j7h1-aaah
Aliases: CVE-2020-13630 |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. |
Affected by 8 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-r5w3-e7ct-aaan
Aliases: CVE-2019-13753 |
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-rcwn-cr9h-aaab
Aliases: CVE-2020-13435 |
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. |
Affected by 8 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-s3q7-sc5w-aaar
Aliases: CVE-2019-19926 |
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-spam-m9bv-aaam
Aliases: CVE-2019-19880 |
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. |
Affected by 9 other vulnerabilities. |
|
VCID-tbmy-yg28-aaac
Aliases: CVE-2019-19925 |
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. |
Affected by 9 other vulnerabilities. |
|
VCID-tdy5-rvmd-aaae
Aliases: CVE-2019-8457 |
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. |
Affected by 25 other vulnerabilities. |
|
VCID-vwku-mt64-aaaf
Aliases: CVE-2019-19603 |
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. |
Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-vx1u-ujaf-aaaf
Aliases: CVE-2020-11655 |
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
Affected by 8 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-xevh-jde9-aaak
Aliases: CVE-2020-15358 |
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
Affected by 0 other vulnerabilities. |
|
VCID-xj29-b3r6-aaac
Aliases: CVE-2019-19242 |
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. |
Affected by 22 other vulnerabilities. |
|
VCID-zgee-q37t-aaap
Aliases: CVE-2019-19244 |
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. |
Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|