Vulnerabilities > Sqlite > Sqlite > 2.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-29 | CVE-2023-7104 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. | 7.3 |
2022-08-03 | CVE-2022-35737 | Improper Validation of Array Index vulnerability in multiple products SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | 7.5 |
2020-06-27 | CVE-2020-15358 | Out-of-bounds Write vulnerability in multiple products In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | 2.1 |
2020-04-09 | CVE-2020-11656 | Use After Free vulnerability in multiple products In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 7.5 |
2020-04-09 | CVE-2020-11655 | Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | 5.0 |
2019-12-09 | CVE-2019-19646 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | 7.5 |
2019-12-09 | CVE-2019-19645 | Uncontrolled Recursion vulnerability in multiple products alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | 2.1 |
2019-04-03 | CVE-2018-20506 | Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 6.8 |
2019-04-03 | CVE-2018-20505 | SQL Injection vulnerability in multiple products SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 5.0 |
2018-12-21 | CVE-2018-20346 | Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | 8.1 |