Search CVE reports
1 – 10 of 88 results
An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service....
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 12
SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 12
SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | — | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | — | Fixed | Fixed | Fixed | Fixed |
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | — | Fixed | Not affected | Not affected | Not affected |
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlite3 | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 9 of 10
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | Not in release | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | Fixed | Fixed | Fixed | Fixed | Fixed |
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original,...
2 affected packages
sqlite, sqlite3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sqlite | — | Not in release | Not affected | Not affected | Not affected |
| sqlite3 | — | Fixed | Not affected | Not affected | Not affected |