Sqlite

Sqlite

63 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-8457

  • EPSS 27.14%
  • Published 30.05.2019 16:29:01
  • Last modified 21.11.2024 04:49:56

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

8.1

CVE-2019-5018

Exploit
  • EPSS 2.99%
  • Published 10.05.2019 19:29:07
  • Last modified 21.11.2024 04:44:11

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send ...

8.1

CVE-2018-20506

  • EPSS 12.7%
  • Published 03.04.2019 18:29:01
  • Last modified 21.11.2024 04:01:37

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to exe...

7.5

CVE-2018-20505

Exploit
  • EPSS 14.18%
  • Published 03.04.2019 18:29:00
  • Last modified 21.11.2024 04:01:37

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

7.5

CVE-2019-9937

  • EPSS 3.16%
  • Published 22.03.2019 08:29:00
  • Last modified 21.11.2024 04:52:37

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

7.5

CVE-2019-9936

  • EPSS 3.42%
  • Published 22.03.2019 08:29:00
  • Last modified 21.11.2024 04:52:37

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

8.1

CVE-2018-20346

Exploit
  • EPSS 17.56%
  • Published 21.12.2018 21:29:00
  • Last modified 21.11.2024 04:01:17

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by l...

7.5

CVE-2018-8740

  • EPSS 12.22%
  • Published 17.03.2018 00:29:00
  • Last modified 21.11.2024 04:14:14

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

7.5

CVE-2017-15286

Exploit
  • EPSS 0.44%
  • Published 12.10.2017 08:29:00
  • Last modified 20.04.2025 01:37:25

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.

5.5

CVE-2017-13685

  • EPSS 0.38%
  • Published 29.08.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.