Lucene search

69 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. · 3 views

MiracleLinux 8 : sqlite-3.26.0-11.el8 (AXSA:2020-1005:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1005:03 advisory. sqlite: Use-after-free in window function leading to remote code execution (CVE-2019-5018) sqlite: Division by zero in whereLoopAddBtreeIndex in...

CVSS 8.1 · AI score 8.9 · EPSS 0.02932
Exploits 1 · References 9

Tenable Nessus
added 2025/11/13 12:0 a.m. · 2 views

Siemens SIMATIC S7-1500 Use After Free (CVE-2020-13630)

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

CVSS 7 · AI score 7.1 · EPSS 0.00086
Exploits 0 · References 6

F5 Networks
added 2024/10/10 2:40 a.m. · 37 views

K000141402: SQLite vulnerabilities CVE-2018-20506, CVE-2018-20505, CVE-2018-20346, CVE-2015-5895, CVE-2015-3717

Security Advisory Description: CVE-2018-20506: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute...

CVSS 10 · AI score 8.1 · EPSS 0.19371
Exploits 2

F5 Networks
added 2024/09/17 11:53 p.m. · 40 views

K000141090: SQLite vulnerability CVE-2020-13630

Security Advisory Description: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature (CVE-2020-13630). Impact: When this vulnerability is exploited, an attacker can cause SQLite to crash, resulting in a denial-of-service (DoS), or possibly execu...

CVSS 7 · AI score 8.5 · EPSS 0.00086
Exploits 0 · Affected Software 1

Microsoft CVE
added 2024/06/30 2:0 p.m. · 2 views

SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

...

CVSS 8.1 · AI score 6.8 · EPSS 0.13522
Exploits 1

Microsoft CVE
added 2024/06/30 2:0 p.m. · 1 view

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

...

CVSS 5.5 · AI score 6.8 · EPSS 0.00024
Exploits 0

OSV
added 2024/03/06 11:8 a.m. · 23 views

BIT-SQLITE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature...

CVSS 7 · AI score 7.4 · EPSS 0.00086
Exploits 0 · References 22

Github Security Blog
added 2022/10/03 10:12 p.m. · 16 views

SQLite3 addresses vulnerability in packaged version of libsqlite

Summary: The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4. libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the...

AI score 1.3
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2022/10/03 12:0 a.m. · 2 views

PT-2022-28264 · Libsqlite +1

Name of the Vulnerable Software and Affected Versions: sqlite3 versions 1.5.0 Description: A potential vulnerability in the FTS3 extension of libsqlite has been identified, which can be exploited by an attacker with full SQL access who can construct a corrupt database with over 2GB of FTS3 conten...

AI score 7.8
Exploits 0 · References 4

OpenVAS
added 2022/09/27 12:0 a.m. · 8 views

SUSE: Security Advisory (SUSE-SU-2022:3401-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.1 · EPSS 0.54845
Exploits 3 · References 6

Tenable Nessus
added 2021/11/11 12:0 a.m. · 37 views

CentOS 8 : sqlite (CESA-2021:4396)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4396 advisory. - sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750) - sqlite: fts3: improve detection of corrupted records CVE-2019-137...

CVSS 8.8 · AI score 7.3 · EPSS 0.04961
Exploits 2 · References 6

Rockylinux
added 2021/11/09 9:16 a.m. · 42 views

sqlite security update

An update is available for sqlite. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. SQLite is a C library that implements an SQL database engine. A large subset o...

CVSS 8.8 · AI score 7.8 · EPSS 0.04961
Exploits 2

OSV
added 2021/11/09 9:16 a.m. · 42 views

RLSA-2021:4396 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

CVSS 8.8 · AI score 7.7 · EPSS 0.04961
Exploits 2 · References 6

OpenVAS
added 2021/04/19 12:0 a.m. · 30 views

SUSE: Security Advisory (SUSE-SU-2019:0913-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 · AI score 6.9 · EPSS 0.13522
Exploits 1 · References 5

Tenable Nessus
added 2021/02/01 12:0 a.m. · 57 views

CentOS 8 : sqlite (CESA-2020:1810)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite:...

CVSS 9.8 · AI score 7.3 · EPSS 0.31274
Exploits 0 · References 8

Veracode
added 2020/12/06 4:42 a.m. · 25 views

Integer Overflow

SQLite is vulnerable to integer overflow. An attacker may supply crafted changes to FTS3 shadow tables, allowing execution of arbitrary code by leveraging the ability to run arbitrary SQL statements...

CVSS 8.1 · AI score 3.9 · EPSS 0.08703
Exploits 0 · References 28 · Affected Software 2

OSV
added 2020/06/10 1:36 p.m. · 0 views

USN-4394-1 sqlite3 vulnerabilities

It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker cou...

CVSS 7.5 · AI score 6.9 · EPSS 0.1384
Exploits 3 · References 10

RedhatCVE
added 2020/05/29 1:55 p.m. · 32 views

CVE-2020-13632

A NULL pointer dereference flaw was found in the matchinfo auxiliary function of the SQLite FTS3 extension module. This flaw allows an attacker who can execute SQL statements to crash the application, resulting in a denial of service...

CVSS 2.1 · AI score 7 · EPSS 0.00024
Exploits 0 · References 3

RedhatCVE
added 2020/05/29 1:25 p.m. · 52 views

CVE-2020-13630

A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code...

CVSS 4.4 · AI score 7.6 · EPSS 0.00086
Exploits 0 · References 3

CNVD
added 2020/05/28 12:0 a.m. · 2 views

SQLite Resource Management Error Vulnerability (CNVD-2020-31117)

SQLite is a C-based open source embedded relational database management system developed by D. Richard Hipp of the United States. The system is characterized by independence, isolation, cross-platform support and so on. A resource management error vulnerability exists in the 'snippet'...

CVSS 7 · AI score 8.3 · EPSS 0.00086
Exploits 0 · References 1