sqlite3 (SUSE:Linux Enterprise Server 12 SP4-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP4-LTSS package sqlite3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (31)
CVE-2019-19317 — CVSS 9.8 (critical): lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to…
CVE-2017-10989 — CVSS 9.8 (critical): The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree…
CVE-2017-2518 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2019-19646 — CVSS 9.8 (critical): pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-8457 — CVSS 9.8 (critical): SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree…
CVE-2018-20346 — CVSS 8.1 (high): SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries…
CVE-2019-19603 — CVSS 7.5 (high): SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
CVE-2021-36690 — CVSS 7.5 (high): A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a…
CVE-2019-19880 — CVSS 7.5 (high): exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values…
CVE-2019-19923 — CVSS 7.5 (high): flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side…
CVE-2020-9327 — CVSS 7.5 (high): In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of…
CVE-2019-19925 — CVSS 7.5 (high): zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-19926 — CVSS 7.5 (high): multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite()…
CVE-2019-19959 — CVSS 7.5 (high): ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames…
CVE-2019-20218 — CVSS 7.5 (high): selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVE-2015-3415 — CVSS 7.5 (high): The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows…
CVE-2015-3414 — CVSS 7.5 (high): SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to…
CVE-2018-8740 — CVSS 7.5 (high): In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference…
CVE-2022-35737 — CVSS 7.5 (high): SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to…
CVE-2019-19244 — CVSS 7.5 (high): sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain…
CVE-2022-46908 — CVSS 7.3 (high): SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the…
CVE-2020-13630 — CVSS 7.0 (high): ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2019-16168 — CVSS 6.5 (medium): In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a…
CVE-2016-6153 — CVSS 5.9 (medium): os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain…
CVE-2020-13632 — CVSS 5.5 (medium): ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2019-19645 — CVSS 5.5 (medium): alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction…
CVE-2020-15358 — CVSS 5.5 (medium): In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse…
CVE-2020-13631 — CVSS 5.5 (medium): SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2019-19924 — CVSS 5.3 (medium): SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect…