Sqlite

Sqlite

68 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.57%
  • Veröffentlicht 09.12.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:35:07

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

  • EPSS 4.28%
  • Veröffentlicht 05.12.2019 14:15:09
  • Zuletzt bearbeitet 21.11.2024 04:34:33

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

  • EPSS 2.54%
  • Veröffentlicht 27.11.2019 17:15:14
  • Zuletzt bearbeitet 21.11.2024 04:34:23

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

  • EPSS 3.33%
  • Veröffentlicht 25.11.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:24

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

  • EPSS 4.25%
  • Veröffentlicht 09.09.2019 17:15:13
  • Zuletzt bearbeitet 28.05.2026 19:16:30

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

  • EPSS 45.43%
  • Veröffentlicht 30.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:49:56

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Exploit
  • EPSS 6.68%
  • Veröffentlicht 10.05.2019 19:29:07
  • Zuletzt bearbeitet 21.11.2024 04:44:11

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send ...

  • EPSS 7.53%
  • Veröffentlicht 03.04.2019 18:29:01
  • Zuletzt bearbeitet 21.11.2024 04:01:37

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to exe...

Exploit
  • EPSS 6.77%
  • Veröffentlicht 03.04.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:37

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

  • EPSS 5.67%
  • Veröffentlicht 22.03.2019 08:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:37

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.