417 matches found

FreeBSD
added 2025/04/07 12:0 a.m. | 9 views

sqlite -- integer overflow

[email protected] reports: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in...

CVSS 7.5 | AI score 7.7 | EPSS 0.00338
Exploits: 0 | References: 1

Redos
added 2025/04/03 12:0 a.m. | 17 views

ROS-20250403-03

A vulnerability in the SQLite hints and ETRN serialization functions of the Exim mail server is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sendi...

CVSS 9.8 | AI score 7.7 | EPSS 0.75782
Exploits: 6

Tenable Nessus
added 2025/03/04 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2020-13631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVE-2020-13631 Note that Ness...

CVSS 5.5 | AI score 6.5 | EPSS 0.0062
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2019-20218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. CVE-2019-20218 Note that Nessus relies on the presenc...

CVSS 7.5 | AI score 6.7 | EPSS 0.03622
Exploits: 0 | References: 2

Positive Technologies
added 2025/02/18 12:0 a.m. | 5 views

PT-2025-15279

Name of the Vulnerable Software and Affected Versions: SQLite version 3.49.0. Description: The issue is related to an integer overflow in the concat function. Recommendations: For SQLite version 3.49.0, at the moment, there is no information about a newer version that contains a fix for this...

CVSS 9.8 | AI score 7.2 | EPSS 0.00499
Exploits: 0 | References: 67

Positive Technologies
added 2025/02/15 12:0 a.m. | 3 views

PT-2025-16260

Name of the Vulnerable Software and Affected Versions: SQLite, affected versions not specified. Description: An integer overflow can be triggered in SQLite's concat_ws function, leading to a heap buffer overflow of size 4GB, which can result in arbitrary code execution. This occurs because the...

CVSS 9.8 | AI score 8.1 | EPSS 0.00523
Exploits: 0 | References: 48

RedhatCVE
added 2025/02/05 9:53 p.m. | 10 views

CVE-2022-24854

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

CVSS 8.8 | AI score 7.3 | EPSS 0.00982
Exploits: 0 | References: 1

Tenable Nessus
added 2024/11/12 12:0 a.m. | 14 views

F5 Networks BIG-IP : SQLite vulnerability (K000148494)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148494 advisory. SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c...

CVSS 5.5 | AI score 6.7 | EPSS 0.0062
Exploits: 0 | References: 2

Tenable Nessus
added 2024/07/23 12:0 a.m. | 18 views

Photon OS 4.0: Sqlite PHSA-2022-4.0-0216

An update of the sqlite package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0216. The text itself is copyright (C) VMware, Inc.

CVSS 5.5 | AI score 7.1 | EPSS 0.00528
Exploits: 0 | References: 2

Microsoft CVE
added 2024/06/30 2:0 p.m. | 4 views

In SQLite through 3.31.1 the ALTER TABLE implementation has a use-after-free as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

...

CVSS 9.8 | AI score 7 | EPSS 0.07407
Exploits: 0

Microsoft CVE
added 2024/06/30 2:0 p.m. | 5 views

SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

...

CVSS 8.1 | AI score 6.8 | EPSS 0.09683
Exploits: 1

Tenable Nessus
added 2024/06/27 12:0 a.m. | 29 views

Ubuntu 14.04 LTS : SQLite vulnerability (USN-5615-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5615-3 advisory. USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Tenable has extracted the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00894
Exploits: 0 | References: 2

Tenable Nessus
added 2024/06/26 12:0 a.m. | 28 views

Ubuntu 18.04 LTS : SQLite vulnerability (USN-6566-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6566-2 advisory. USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Tenable has extracted the...

CVSS 7.3 | AI score 6.4 | EPSS 0.01249
Exploits: 1 | References: 2

Tenable Nessus
added 2024/03/05 12:0 a.m. | 32 views

RHEL 8 : sqlite (RHSA-2024:1107)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1107 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk...

CVSS 7.3 | AI score 6.5 | EPSS 0.01249
Exploits: 1 | References: 5

CNNVD
added 2024/02/14 12:0 a.m. | 4 views

SQLite Cross-Site Scripting Vulnerability

SQLite is a lightweight, ACID-compliant relational database management system. A security vulnerability exists in sqlite. A remote attacker can exploit the vulnerability to modify repository parameters...

CVSS 5.9 | AI score 6.8 | EPSS 0.00406
Exploits: 0 | References: 2

Amazon
added 2024/02/06 12:0 a.m. | 5 views

Important: nss

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3 | AI score 7.4 | EPSS 0.01249
Exploits: 1

Amazon
added 2024/02/06 12:0 a.m. | 2 views

Important: polkit

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3 | AI score 7.4 | EPSS 0.01249
Exploits: 1

Amazon
added 2024/02/06 12:0 a.m. | 5 views

Important: nss

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3 | AI score 7.4 | EPSS 0.01249
Exploits: 1

Tenable Nessus
added 2024/02/06 12:0 a.m. | 34 views

Amazon Linux 2023 : polkit, polkit-devel, polkit-libs (ALAS2023-2024-508)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-508 advisory. A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make...

CVSS 7.3 | AI score 6 | EPSS 0.01249
Exploits: 1 | References: 4

Amazon
added 2024/02/05 12:0 a.m. | 3 views

Important: nss

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3 | AI score 7.5 | EPSS 0.01249
Exploits: 1