Photon OS 4.0: Sqlite PHSA-2022-4.0-0300

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0300. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: Sqlite PHSA-2019-3.0-0036

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Sqlite PHSA-2022-4.0-0216

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0216. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Sqlite PHSA-2024-5.0-0188

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0188. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: Sqlite PHSA-2019-3.0-0012

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0012. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2024-2052)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2024-2052)

According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file...

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

...

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

...

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables related to alter.c and build.c.

...

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

...

SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

...

SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

...

SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases) aka Magellan.

...

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

...

In SQLite through 3.31.1 the ALTER TABLE implementation has a use-after-free as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

...

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow related to the snippet feature.

...

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

...

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

...

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

...