Search CVE reports


Toggle filters

21 – 30 of 74 results


CVE-2020-13631

Low priority

Some fixes available 2 of 10

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Ignored Ignored Ignored
sqlite3 Fixed Ignored Ignored
Show less packages

CVE-2020-13630

Medium priority
Fixed

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not affected Not affected Not affected
sqlite3 Fixed Fixed Fixed
Show less packages

CVE-2020-13435

Medium priority
Fixed

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite3 Fixed Not affected Not affected
Show less packages

CVE-2020-13434

Medium priority
Fixed

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite3 Fixed Fixed Fixed
Show less packages

CVE-2020-11656

Negligible priority
Not affected

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not affected Not affected Not affected
sqlite3 Not affected Not affected Not affected
Show less packages

CVE-2020-11655

Low priority

Some fixes available 2 of 12

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
sqlite3 Not affected Not affected Fixed Not affected Not affected
Show less packages

CVE-2020-9327

Medium priority
Fixed

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite3 Fixed Not affected
Show less packages

CVE-2019-19959

Medium priority

Some fixes available 2 of 3

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite3 Fixed Not affected
Show less packages

CVE-2019-20218

Low priority

Some fixes available 3 of 4

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite3 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-19925

Medium priority

Some fixes available 2 of 3

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite3 Fixed Not affected
Show less packages