4856 matches found
SUSE CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner."...
SUSE CVE-2019-19242
SQLite 3.30.1 mishandles pExpr-y.pTab, as demonstrated by the TKCOLUMN case in sqlite3ExprCodeTarget in expr.c...
SUSE CVE-2019-19244
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage...
SUSE CVE-2019-19317
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact...
SUSE CVE-2019-19603
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...
SUSE CVE-2019-19645
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements...
SUSE CVE-2019-19646
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integritycheck PRAGMA command in certain cases of generated columns...
SUSE CVE-2019-19880
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled...
SUSE CVE-2019-19923
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference or incorrect results...
SUSE CVE-2019-19925
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive...
SUSE CVE-2019-19924
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite error handling...
SUSE CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880...
SUSE CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...
SUSE CVE-2019-20218
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error...
SUSE CVE-2020-6405
Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
SUSE CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations...
SUSE CVE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service segmentation fault via a malformed window-function query because the AggInfo object's initialization is mishandled...
SUSE CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3strvappendf in printf.c...
SUSE CVE-2020-13435
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c...
SUSE CVE-2020-13630
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature...