Search CVE reports
21 – 30 of 74 results
CVE-2020-13631
Low prioritySome fixes available 2 of 10
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | Ignored | Ignored | Ignored |
| sqlite3 | — | — | Fixed | Ignored | Ignored |
CVE-2020-13630
Medium priorityext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | Not affected | Not affected | Not affected |
| sqlite3 | — | — | Fixed | Fixed | Fixed |
CVE-2020-13435
Medium prioritySQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
1 affected packages
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | Fixed | Not affected | Not affected |
CVE-2020-13434
Medium prioritySQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
1 affected packages
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | Fixed | Fixed | Fixed |
CVE-2020-11656
Negligible priorityIn SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | — | Not affected | Not affected | Not affected |
| sqlite3 | — | — | Not affected | Not affected | Not affected |
CVE-2020-11655
Low prioritySome fixes available 2 of 12
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Fixed | Not affected | Not affected |
CVE-2020-9327
Medium priorityIn SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
1 affected packages
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Not affected |
CVE-2019-19959
Medium prioritySome fixes available 2 of 3
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
1 affected packages
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Not affected |
CVE-2019-20218
Low prioritySome fixes available 3 of 4
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
1 affected packages
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-19925
Medium prioritySome fixes available 2 of 3
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
1 affected packages
sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite3 | — | — | — | Fixed | Not affected |