CVE-2025-57141
- EPSS 0.38%
- Published 08.09.2025 00:00:00
- Last modified 12.09.2025 20:57:24
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
CVE-2025-7458
- EPSS 0.04%
- Published 29.07.2025 12:43:19
- Last modified 11.08.2025 19:11:30
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from proces...
CVE-2025-6965
- EPSS 0.04%
- Published 15.07.2025 13:44:00
- Last modified 22.07.2025 17:06:21
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
CVE-2025-3277
- EPSS 0.09%
- Published 14.04.2025 16:50:48
- Last modified 18.08.2025 21:28:16
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a...
CVE-2025-29088
- EPSS 0.02%
- Published 10.04.2025 14:15:27
- Last modified 30.09.2025 16:59:27
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocation...
CVE-2025-29087
- EPSS 0.04%
- Published 07.04.2025 00:00:00
- Last modified 30.04.2025 12:43:22
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an in...
CVE-2024-0232
- EPSS 0.02%
- Published 16.01.2024 14:15:48
- Last modified 21.11.2024 08:46:06
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a...
CVE-2023-7104
- EPSS 0.11%
- Published 29.12.2023 10:15:13
- Last modified 21.11.2024 08:45:17
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-base...
CVE-2021-31239
- EPSS 4.86%
- Published 09.05.2023 02:15:08
- Last modified 05.05.2025 17:17:03
An issue was found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
CVE-2022-46908
- EPSS 0.08%
- Published 12.12.2022 06:15:10
- Last modified 05.05.2025 16:15:22
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.