19 matches found
EUVD-2020-6079
Malware in sbrugna...
sqlite: Null pointer derreference in src/select.c
A NULL pointer dereference flaw was found in select.c of SQLite. An out-of-memory error occurs while an early out on the INTERSECT query is processing. This flaw allows an attacker to execute a potential NULL pointer dereference...
NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2022-0052)
The remote NewStart CGSL host, running version MAIN 6.02, has sqlite packages installed that are affected by multiple vulnerabilities: - SQLite through 3.32.0 has an integer overflow in sqlite3strvappendf in printf.c. CVE-2020-13434 - In SQLite before 3.32.3, select.c mishandles query-flattener...
ASB-A-192606047
In resetAccumulator of select.c, there is a possible use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c
A heap buffer overflow was found in SQLite in the query flattening optimization technique. This flaw allows an attacker to execute SQL statements to crash the application, resulting in a denial of service...
Use-After-Free
sqlite3 is vulnerable to use-after-free. The vulnerability exists in resetAccumulator in select.c due to the parse tree rewrite for window functions is too late...
sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...
Denial Of Service (DoS)
sqlite3 is vulnerable to denial of service DoS. The vulnerability exists as the WITH stack continues to unwind even after a parsing error in selectExpander in select.c...
CVE-2020-15358
CVE-2020-15358 (SQLite) affects the SQLite library, specifically the query engine path in select.c where the query-flattener optimization mishandles constant propagation for multiSelectOrderBy. The root cause is a mishandling of transitive properties during constant propagation, leading to a heap...
CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...
SQLite Resource Management Error Vulnerability (CNVD-2020-36618)
SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. A resource management error vulnerability exists in the resetAccumulato...
CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...
Design/Logic Flaw
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...
CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...
CVE-2020-13871
SQLite 3.32.2 is affected by a use-after-free in resetAccumulator (select.c) due to a late parse tree rewrite for window functions. Impact could include a crash or arbitrary code execution. Remediation: upgrade to SQLite 3.32.3 or later (fix upstream).
CVE-2020-13871
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...
Sql injection
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage...
Design/Logic Flaw
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service daemon crash or hang via a client disconnection during listin...
CUPS文件描述符处理远程拒绝服务漏洞
BUGTRAQ ID: 37048 CVE ID: CVE-2009-3553 Common Unix Printing System(CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS的scheduler/select.c文件中的cupsdDoSelect函数在处理其文件描述符处理接口中引用的方式存在释放后使用错误,远程攻击者可以通过以特殊方式查询特定打印机的当前打印任务列表导致cupsd崩溃。 Easy Software Products CUPS 1.3.7...