Search CVE reports


Toggle filters

1 – 10 of 74 results


CVE-2024-0232

Medium priority
Not affected

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application,...

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not in release Not affected Not affected Not affected Not affected
sqlite3 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-7104

Medium priority
Fixed

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler....

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not in release Not affected Not affected Not affected Not affected
sqlite3 Not affected Fixed Fixed Fixed Not affected
Show less packages

CVE-2021-31239

Medium priority
Not affected

An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not affected Not affected Not affected Not affected
sqlite3 Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-24736

Medium priority
Needs evaluation

Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
sqlite3 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-43441

Medium priority
Needs evaluation

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious...

1 affected package

node-sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-sqlite3 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-46908

Low priority

Some fixes available 1 of 2

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not affected Not affected Not affected Not affected
sqlite3 Fixed Not affected Not affected Not affected
Show less packages

CVE-2020-35527

Medium priority

Some fixes available 1 of 4

In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not affected Not affected Not affected Not affected
sqlite3 Not affected Fixed Ignored Ignored
Show less packages

CVE-2020-35525

Medium priority

Some fixes available 4 of 5

In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not in release Not affected Not affected Not affected Not affected
sqlite3 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-35737

Medium priority

Some fixes available 5 of 6

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sqlite Not in release Not affected Not affected Not affected Vulnerable
sqlite3 Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-21227

Medium priority
Needs evaluation

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

1 affected package

node-sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-sqlite3 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages