Vulnerabilities > CVE-2021-45346 - Memory Leak vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sqlite

netapp

CWE-401

NVD

Published: 2022-02-14

Updated: 2024-08-04

Summary

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.

Vulnerable Configurations

Part	Description	Count
Application	Sqlite Sqlite Sqlite 3.35.1 Sqlite Sqlite 3.37.0	2
Application	Netapp Netapp Ontap Select Deploy Administration Utility -	1

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References