Stranger Strings: A 22-year-old vulnerability in SQLite

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in the SQLite library API has been assigned CVE-2022-35737, which could allow an attacker to crash or control programs...

The vulnerability of the SQLite database management system’s API library allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of the SQLite database management system’s API library is related to unvalidated array indexing. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code during the processing of a long sequence of formatted string data, processed b...

AlmaLinux 8 : sqlite (ALSA-2022:7108)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7108 advisory. - In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. CVE-2020-35525 - In SQLite 3.31.1, there is an out o...

sqlite security update

3.26.0-16 - Fixed CVE-2020-35527 - Fixed CVE-2020-35525...

ERROR : Dotmim.Sync.SyncException: SQLite Error 14: 'unable to open database file'.

On Broker machine event viewer : Dotmim.Sync.SyncException: SQLite Error 14: 'unable to open database file'. --- Microsoft.Data.Sqlite.SqliteException: SQLite Error 14: 'unable to open database file'. à Microsoft.Data.Sqlite.SqliteException.ThrowExceptionForRCInt32 rc, sqlite3 db à...

Oracle Linux 8 : sqlite (ELSA-2022-7108)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7108 advisory. - Fixed CVE-2020-35527 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 CVSS score: 7.5, the 22-year-old issue affects...

Moderate: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

sqlite: Null pointer derreference in src/select.c

A NULL pointer dereference flaw was found in select.c of SQLite. An out-of-memory error occurs while an early out on the INTERSECT query is processing. This flaw allows an attacker to execute a potential NULL pointer dereference...

sqlite: Out of bounds access during table rename

An out-of-bounds read vulnerability was found in SQLite. This security flaw occurs when the ALTER TABLE for views has a nested FROM clause. This flaw allows an attacker to triage an out-of-bounds read and access confidential data successfully...

RLSA-2022:7108 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

sqlite security update

An update is available for sqlite. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SQLite is a C library that implements an SQL database engine. A large subset o...

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

RHEL 8 : sqlite (RHSA-2022:7108)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7108 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a singl...

ALSA-2022:7108 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

Amazon Linux 2 : golang-googlecode-sqlite (ALAS-2022-1862)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1862 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

SUSE-SU-2022:3653-1 Security update for tcl

This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead bsc1195773...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the FTS3 extension, due to 32-bit signed integer overflow. In order to exploit this vulnerability, the attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3...

PT-2022-37524 · Tcl · Tcl

Name of the Vulnerable Software and Affected Versions: tcl affected versions not specified Description: The issue involves a race condition in test socket-13.1. Additionally, the SQLite extension has been removed and replaced with the packaged sqlite3. Recommendations: At the moment, there is no...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2022:10148-1 Rating: important References: 1180132 1180399 Cross-References: CVE-2019-10740 CVE-2020-12641 CVE-2020-16145 CVE-2020-35730 CVSS scores: CVE-2019-10740 NVD : 4.3...