Search CVE reports
1 – 10 of 74 results
CVE-2024-0232
Medium priorityA heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application,...
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not affected | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-7104
Medium priorityA vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler....
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not affected | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Fixed | Fixed | Fixed | Not affected |
CVE-2021-31239
Medium priorityAn issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected | Not affected |
| sqlite3 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-24736
Medium priorityBuffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-43441
Medium priorityA code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious...
1 affected packages
node-sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-sqlite3 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-46908
Low prioritySome fixes available 1 of 2
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected | Not affected |
| sqlite3 | — | Fixed | Not affected | Not affected | Not affected |
CVE-2020-35527
Medium prioritySome fixes available 1 of 4
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | Not affected | Not affected | Not affected | Not affected |
| sqlite3 | — | Not affected | Fixed | Ignored | Ignored |
CVE-2020-35525
Medium prioritySome fixes available 4 of 5
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not affected | Not affected | Not affected | Not affected |
| sqlite3 | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2022-35737
Medium prioritySome fixes available 5 of 6
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
2 affected packages
sqlite, sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not affected | Not affected | Not affected | Vulnerable |
| sqlite3 | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2022-21227
Medium priorityThe package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
1 affected packages
node-sqlite3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-sqlite3 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |