4.3

CVE-2021-45346

Exploit
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SqliteSqlite Version3.35.1
SqliteSqlite Version3.37.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.61% 0.728
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://github.com/guyinatuxedo/sqlite3_record_leaking
Third Party Advisory
Exploit
https://security.netapp.com/advisory/ntap-20220303-0001/
Third Party Advisory
https://sqlite.org/forum/forumpost/056d557c2f8c452ed5
Vendor Advisory
https://sqlite.org/forum/forumpost/53de8864ba114bf6
Vendor Advisory
https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves
Vendor Advisory