sqlite
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A C library that implements an SQL database engine |
| Version | 3.46.1-1 [core] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2318 | 3.36.0-1 | 3.37.0-1 | Low | Fixed | |
| AVG-1536 | 3.34.0-1 | 3.34.1-1 | Medium | Fixed | |
| AVG-1182 | 3.32.2-1 | 3.32.3-1 | High | Fixed | |
| AVG-840 | 3.25.3-1 | 3.26.0-1 | Critical | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-36690 | AVG-2318 | Low | No | Denial of service | ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a... |
| CVE-2021-20227 | AVG-1536 | Medium | No | Arbitrary code execution | There is a flaw in sqlite's SELECT query functionality (src/select.c) before version 3.34.1. An attacker who is capable of running SQL queries locally on... |
| CVE-2020-13871 | AVG-1182 | High | No | Arbitrary code execution | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. |
| CVE-2018-20346 | AVG-840 | Critical | Yes | Arbitrary code execution | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 28 Jun 2020 | ASA-202006-11 | AVG-1182 | High | arbitrary code execution |