Debian Sqlite3 vulnerabilities
63 known vulnerabilities affecting debian/sqlite3.
Total CVEs: 63
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 24, MEDIUM 16, LOW 16
Vulnerabilities
Page 1 of 4
CVE-2025-6965 | sqlite3 | HIGH | CVSS 7.2 | PoC | fixed in sqlite3 3.40.1-2+deb12u2 (bookworm) | 2025
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Scope: local
bookworm: resolved (fixed in 3.40.1-2+deb12u2)
bullseye: open
forky: resolved (fixed in 3.46.1-7)
sid: resolved (fix
CVE-2025-7458 | sqlite3 | MEDIUM | CVSS 6.9 | fixed in sqlite3 3.42.0-1 (forky) | 2025
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
Scope: local
bookwo
CVE-2025-7709 | sqlite3 | MEDIUM | CVSS 6.9 | fixed in sqlite3 3.46.1-8 (forky) | 2025
An integer overflow exists in the FTS5 (https://sqlite.org/fts5.html) extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
Scope: local
bookworm: open
bullseye: resolved
forky: resolved (fixed in 3.46.1-8)
sid: resolved (fixed in
CVE-2025-29088 | sqlite3 | LOW (listed as MEDIUM in title) | CVSS 5.6 | fixed in sqlite3 3.46.1-4 (forky) | 2025
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.46.1-4)
sid: resolved (fi
CVE-2025-29087 | sqlite3 | LOW | CVSS 3.2 | fixed in sqlite3 3.46.1-3 (forky) | 2025
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.
Sco
CVE-2025-70873 | sqlite3 | LOW (listed as HIGH in title) | CVSS 7.5 | 2025
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
CVE-2025-3277 | sqlite3 | LOW (listed as MEDIUM in title) | CVSS 6.9 | fixed in sqlite3 3.46.1-3 (forky) | 2025
An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size, and thus a wild heap buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
Scope: local
bo
CVE-2024-0232 | sqlite3 | LOW (listed as MEDIUM in title) | CVSS 4.7 | fixed in sqlite3 3.43.2-1 (forky) | 2024
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed i
CVE-2023-7104 | sqlite3 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.40.1-2+deb12u1 (bookworm) | 2023
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerabili
CVE-2022-46908 | sqlite3 | HIGH | CVSS 7.3 | fixed in sqlite3 3.40.0-2 (bookworm) | 2022
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.
Scope: local
bookworm: resolved (fixed in 3.40.0-2)
bullseye: resolved
forky: resolved (fixed in 3.40.0-2)
sid: resolved (fixed in 3.40.0-2)
trixie: res
CVE-2022-35737 | sqlite3 | LOW (listed as HIGH in title) | CVSS 7.5 | fixed in sqlite3 3.39.2-1 (bookworm) | 2022
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Scope: local
bookworm: resolved (fixed in 3.39.2-1)
bullseye: open
forky: resolved (fixed in 3.39.2-1)
sid: resolved (fixed in 3.39.2-1)
trixie: resolved (fixed in 3.39.2-1)
CVE-2021-31239 | sqlite3 | HIGH | CVSS 7.5 | fixed in sqlite3 3.36.0-2 (bookworm) | 2021
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
Scope: local
bookworm: resolved (fixed in 3.36.0-2)
bullseye: resolved
forky: resolved (fixed in 3.36.0-2)
sid: resolved (fixed in 3.36.0-2)
trixie: resolved (fixed in 3.36.0-2)
CVE-2021-20227 | sqlite3 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.34.1-1 (bookworm) | 2021
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Scope: local
bookworm: resolved (fixed
CVE-2021-36690 | sqlite3 | LOW (listed as HIGH in title) | CVSS 7.5 | fixed in sqlite3 3.36.0-2 (bookworm) | 2021
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the
CVE-2021-45346 | sqlite3 | LOW (listed as MEDIUM in title) | CVSS 4.3 | 2021
A memory leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL queries (made via editing the database file): it is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerabil
CVE-2020-35527 | sqlite3 | CRITICAL | CVSS 9.8 | fixed in sqlite3 3.32.0-1 (bookworm) | 2020
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
Scope: local
bookworm: resolved (fixed in 3.32.0-1)
bullseye: resolved (fixed in 3.32.0-1)
forky: resolved (fixed in 3.32.0-1)
sid: resolved (fixed in 3.32.0-1)
trixie: resolved (fixed in 3.32.0-1)
CVE-2020-9327 | sqlite3 | HIGH | CVSS 7.5 | fixed in sqlite3 3.31.1-3 (bookworm) | 2020
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Scope: local
bookworm: resolved (fixed in 3.31.1-3)
bullseye: resolved (fixed in 3.31.1-3)
forky: resolved (fixed in 3.31.1-3)
sid: resolved (fixed in 3.31.1-3)
trixie: resolved (fixed in 3.31.1-3)
CVE-2020-11655 | sqlite3 | HIGH | CVSS 7.5 | fixed in sqlite3 3.31.1-5 (bookworm) | 2020
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Scope: local
bookworm: resolved (fixed in 3.31.1-5)
bullseye: resolved (fixed in 3.31.1-5)
forky: resolved (fixed in 3.31.1-5)
sid: resolved (fixed in 3.31.1-5)
trixie: resolved (fix
CVE-2020-13871 | sqlite3 | HIGH | CVSS 7.5 | fixed in sqlite3 3.32.2-2 (bookworm) | 2020
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
Scope: local
bookworm: resolved (fixed in 3.32.2-2)
bullseye: resolved (fixed in 3.32.2-2)
forky: resolved (fixed in 3.32.2-2)
sid: resolved (fixed in 3.32.2-2)
trixie: resolved (fixed in 3.32.2-2)
CVE-2020-13630 | sqlite3 | HIGH | CVSS 7.0 | fixed in sqlite3 3.32.0-1 (bookworm) | 2020
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Scope: local
bookworm: resolved (fixed in 3.32.0-1)
bullseye: resolved (fixed in 3.32.0-1)
forky: resolved (fixed in 3.32.0-1)
sid: resolved (fixed in 3.32.0-1)
trixie: resolved (fixed in 3.32.0-1)