Search CVE reports
41 – 50 of 74 results
CVE-2019-19603
Low prioritySome fixes available 1 of 5
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | — | Not affected | Not affected | Not affected |
sqlite3 | — | — | Not affected | Ignored | Ignored |
CVE-2019-19645
Low prioritySome fixes available 1 of 5
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | — | Not affected | Not affected | Not affected |
sqlite3 | — | — | Not affected | Ignored | Ignored |
CVE-2019-19317
Medium prioritylookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Not affected | Not affected |
CVE-2019-19242
Low prioritySQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Not affected | Not affected |
CVE-2019-19244
Medium prioritysqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
2 affected packages
sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite | — | — | — | Not affected | Not affected |
sqlite3 | — | — | — | Not affected | Not affected |
CVE-2019-16168
Low priorityIn SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Fixed | Fixed |
CVE-2019-5827
Low prioritySome fixes available 6 of 20
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3 affected packages
chromium-browser, sqlite, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
sqlite | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sqlite3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-8457
Medium prioritySome fixes available 32 of 61
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
5 affected packages
chromium, db5.3, qtwebengine-opensource-src, sqlcipher, sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
db5.3 | Fixed | Fixed | Fixed | Fixed | Fixed |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
sqlcipher | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
sqlite3 | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-5018
Low priorityAn exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution....
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Not affected | Not affected |
CVE-2018-20506
Medium prioritySQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing...
1 affected package
sqlite3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sqlite3 | — | — | — | Fixed | Fixed |