Lucene search

K
osvGoogleOSV:ASB-A-192605364
HistoryOct 01, 2021 - 12:00 a.m.

Malicious SQL statement causes an read past the end of a heap buffer

2021-10-0100:00:00
Google
osv.dev
25
sql injection
sqlite3select
information disclosure
software vulnerability

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

52.4%

In sqlite3Select of select.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.