sqlite

Description: A C library that implements an SQL database engine
Version: 3.36.0-1 [core]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2318 | 3.36.0-1 | | Low | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-36690 | AVG-2318 | Low | No | Denial of service | ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1536 | 3.34.0-1 | 3.34.1-1 | Medium | Fixed | |
| AVG-1182 | 3.32.2-1 | 3.32.3-1 | High | Fixed | |
| AVG-840 | 3.25.3-1 | 3.26.0-1 | Critical | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-20227 | AVG-1536 | Medium | No | Arbitrary code execution | There is a flaw in sqlite's SELECT query functionality (src/select.c) before version 3.34.1. An attacker who is capable of running SQL queries locally on... |
| CVE-2020-13871 | AVG-1182 | High | No | Arbitrary code execution | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. |
| CVE-2018-20346 | AVG-840 | Critical | Yes | Arbitrary code execution | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 28 Jun 2020 | ASA-202006-11 | AVG-1182 | High | arbitrary code execution |