Search for packages
| purl | pkg:deb/ubuntu/sqlite3@3.31.1-4 |
| Next non-vulnerable version | 3.31.1-4ubuntu0.2 |
| Latest non-vulnerable version | 3.31.1-4ubuntu0.2 |
| Risk | 3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4pf6-reg9-aaab
Aliases: CVE-2020-13434 |
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
Affected by 1 other vulnerability. |
|
VCID-5n57-agr1-aaah
Aliases: CVE-2020-13632 |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. |
Affected by 1 other vulnerability. |
|
VCID-cfnz-66fy-aaak
Aliases: CVE-2020-13631 |
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
Affected by 1 other vulnerability. |
|
VCID-ptpe-j7h1-aaah
Aliases: CVE-2020-13630 |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. |
Affected by 1 other vulnerability. |
|
VCID-rcwn-cr9h-aaab
Aliases: CVE-2020-13435 |
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. |
Affected by 1 other vulnerability. |
|
VCID-vx1u-ujaf-aaaf
Aliases: CVE-2020-11655 |
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
Affected by 1 other vulnerability. |
|
VCID-xevh-jde9-aaak
Aliases: CVE-2020-15358 |
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|