Security update for sqlite3 (moderate)

openSUSE Security Update: Security update for sqlite3 Announcement ID: openSUSE-SU-2019:1426-1 Rating: moderate References: 1085790 1132045 Cross-References: CVE-2017-10989 CVE-2018-8740 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...

openSUSE: Security Advisory for sqlite3 (openSUSE-SU-2019:1426-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

sqlite3/ossfuzz: Use-of-uninitialized-value in accessPayload

Detailed report: https://oss-fuzz.com/testcase?key=5638835947438080 Project: sqlite3 Fuzzer: libFuzzersqlite3ossfuzz Fuzz target binary: ossfuzz Job Type: libfuzzermsansqlite3 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: accessPayload vdbeMemFromBtreeResiz...

sqlite3/ossfuzz: Use-of-uninitialized-value in sqlite3VdbeMemValidStrRep

Detailed report: https://oss-fuzz.com/testcase?key=5678870243573760 Project: sqlite3 Fuzzer: libFuzzersqlite3ossfuzz Fuzz target binary: ossfuzz Job Type: libfuzzermsansqlite3 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: sqlite3VdbeMemValidStrRep...

openSUSE Security Update : sqlite3 (openSUSE-2019-1372)

This update for sqlite3 to version 3.28.0 fixes the following issues : Security issues fixed : - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction bsc1130326. - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes ...

SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1208-1)

This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas bsc1085790. CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize bsc1132045. Note that Tenable Network Security has...

openSUSE: Security Advisory for sqlite3 (openSUSE-SU-2019:1372-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

Design/Logic Flaw

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

CVE-2019-5018

CVE-2019-5018 is a SQLite vulnerability in the window function code (SQLite 3.26.0) that allows a specially crafted SQL to trigger a use-after-free, potentially enabling remote code execution. The issue is documented across multiple advisories (Debian, Alpine, Gentoo, Cloud Foundry, IBM Watson St...

SUSE-SU-2019:1208-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas bsc1085790. - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize bsc1132045...

OPENSUSE-SU-2019:1372-1 Security update for sqlite3

This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction bsc1130326. - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in...

Security update for sqlite3 (moderate)

openSUSE Security Update: Security update for sqlite3 Announcement ID: openSUSE-SU-2019:1372-1 Rating: moderate References: 1130325 1130326 Cross-References: CVE-2019-9936 CVE-2019-9937 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available. Description:...

Sqlite3 Window Function Remote Code Execution Vulnerability

Summary An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

sqlite3 -- use after free

MITRE reports: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigg...