
Debian Sqlite3 vulnerabilities

63 known vulnerabilities affecting debian/sqlite3.

Total CVEs: 63
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 24, MEDIUM 16, LOW 16

Vulnerabilities

Page 2 of 4
CVE-2020-35525 | HIGH | CVSS 7.5 | fixed in sqlite3 3.32.0-1 (bookworm) | 2020
CVE-2020-35525 [HIGH] sqlite3: In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing. Scope: local. bookworm: resolved (fixed in 3.32.0-1); bullseye: resolved (fixed in 3.32.0-1); forky: resolved (fixed in 3.32.0-1); sid: resolved (fixed in 3.32.0-1); trixie: resolved (fixed in 3.32.0-1)
debian
CVE-2020-13434 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.32.1-1 (bookworm) | 2020
CVE-2020-13434 [MEDIUM] sqlite3: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Scope: local. bookworm: resolved (fixed in 3.32.1-1); bullseye: resolved (fixed in 3.32.1-1); forky: resolved (fixed in 3.32.1-1); sid: resolved (fixed in 3.32.1-1); trixie: resolved (fixed in 3.32.1-1)
debian
CVE-2020-13435 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.32.1-1 (bookworm) | 2020
CVE-2020-13435 [MEDIUM] sqlite3: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. Scope: local. bookworm: resolved (fixed in 3.32.1-1); bullseye: resolved (fixed in 3.32.1-1); forky: resolved (fixed in 3.32.1-1); sid: resolved (fixed in 3.32.1-1); trixie: resolved (fixed in 3.32.1-1)
debian
CVE-2020-24736 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.27.2-1 (bookworm) | 2020
CVE-2020-24736 [MEDIUM] sqlite3: Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. Scope: local. bookworm: resolved (fixed in 3.27.2-1); bullseye: resolved (fixed in 3.27.2-1); forky: resolved (fixed in 3.27.2-1); sid: resolved (fixed in 3.27.2-1); trixie: resolved (fixed in 3.27.2-1)
debian
CVE-2020-13632 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.32.0-1 (bookworm) | 2020
CVE-2020-13632 [MEDIUM] sqlite3: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Scope: local. bookworm: resolved (fixed in 3.32.0-1); bullseye: resolved (fixed in 3.32.0-1); forky: resolved (fixed in 3.32.0-1); sid: resolved (fixed in 3.32.0-1); trixie: resolved (fixed in 3.32.0-1)
debian
CVE-2020-15358 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.32.3-1 (bookworm) | 2020
CVE-2020-15358 [MEDIUM] sqlite3: In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Scope: local. bookworm: resolved (fixed in 3.32.3-1); bullseye: resolved (fixed in 3.32.3-1); forky: resolved (fixed in 3.32.3-1); sid: resolved (fixed in 3.32.3-1); trixie: resolve
debian
CVE-2020-13631 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.32.0-1 (bookworm) | 2020
CVE-2020-13631 [MEDIUM] sqlite3: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Scope: local. bookworm: resolved (fixed in 3.32.0-1); bullseye: resolved (fixed in 3.32.0-1); forky: resolved (fixed in 3.32.0-1); sid: resolved (fixed in 3.32.0-1); trixie: resolved (fixed in 3.32.0-1)
debian
CVE-2020-11656 | LOW | CVSS 9.8 | fixed in sqlite3 3.32.0-1 (bookworm) | 2020
CVE-2020-11656 [CRITICAL] sqlite3: In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Scope: local. bookworm: resolved (fixed in 3.32.0-1); bullseye: resolved (fixed in 3.32.0-1); forky: resolved (fixed in 3.32.0-1); sid: resolved (fixed in 3.32.0-1); trixie: resolved (fixed in 3.32.0-1)
debian
CVE-2019-8457 | CRITICAL | CVSS 9.8 | fixed in db5.3 5.3.28+dfsg1-0.9 (bookworm) | 2019
CVE-2019-8457 [CRITICAL] db5.3: SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. Scope: local. bookworm: resolved (fixed in 5.3.28+dfsg1-0.9); bullseye: open; forky: resolved (fixed in 5.3.28+dfsg1-0.9); sid: resolved (fixed in 5.3.28+dfsg1-0.9); trixie: resolved (fixed in 5.3.28+dfsg1-0.9)
debian
CVE-2019-19923 | HIGH | CVSS 7.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2019
CVE-2019-19923 [HIGH] chromium: flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). Scope: local. bookworm: resolved (fixed in 80.0.3987.106-1); bullseye: resolved (fixed in 80.0.3987.106-1); forky: resolved (fixed in 80.0.3987.106-1); sid
debian
CVE-2019-5827 | HIGH | CVSS 8.8 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
CVE-2019-5827 [HIGH] chromium: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local. bookworm: resolved (fixed in 75.0.3770.80-1); bullseye: resolved (fixed in 75.0.3770.80-1); forky: resolved (fixed in 75.0.3770.80-1); sid: resolved (fixed in 75.0.3770.80-1); trixie: resolved
debian
CVE-2019-5018 | HIGH | CVSS 8.1 | fixed in sqlite3 3.27.2-3 (bookworm) | 2019
CVE-2019-5018 [HIGH] sqlite3: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Scope: local. bookworm: resolved (fixed in 3.27.2-3); bullseye: res
debian
CVE-2019-19959 | HIGH | CVSS 7.5 | fixed in sqlite3 3.30.1+fossil191229-1 (bookworm) | 2019
CVE-2019-19959 [HIGH] sqlite3: ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. Scope: local. bookworm: resolved (fixed in 3.30.1+fossil191229-1); bullseye: resolved (fixed in 3.30.1+fossil191229-1); forky: resolved (fixed in 3.
debian
CVE-2019-19603 | HIGH | CVSS 7.5 | fixed in sqlite3 3.30.1+fossil191229-1 (bookworm) | 2019
CVE-2019-19603 [HIGH] sqlite3: SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. Scope: local. bookworm: resolved (fixed in 3.30.1+fossil191229-1); bullseye: resolved (fixed in 3.30.1+fossil191229-1); forky: resolved (fixed in 3.30.1+fossil191229-1); sid: resolved (fixed in 3.30.1+fossil191229-1); trixie: resolved (fixed in 3.30.1+fossil191229
debian
CVE-2019-19880 | HIGH | CVSS 7.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2019
CVE-2019-19880 [HIGH] chromium: exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Scope: local. bookworm: resolved (fixed in 80.0.3987.106-1); bullseye: resolved (fixed in 80.0.3987.106-1); forky: resolved (fixed in 80.0.3987.106-1); sid: resolved (fixed i
debian
CVE-2019-20218 | HIGH | CVSS 7.5 | fixed in sqlite3 3.30.1+fossil191229-1 (bookworm) | 2019
CVE-2019-20218 [HIGH] sqlite3: selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. Scope: local. bookworm: resolved (fixed in 3.30.1+fossil191229-1); bullseye: resolved (fixed in 3.30.1+fossil191229-1); forky: resolved (fixed in 3.30.1+fossil191229-1); sid: resolved (fixed in 3.30.1+fossil191229-1); trixie: resolved (fixed in 3.30.1+fossil191229-1
debian
CVE-2019-19925 | HIGH | CVSS 7.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2019
CVE-2019-19925 [HIGH] chromium: zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Scope: local. bookworm: resolved (fixed in 80.0.3987.106-1); bullseye: resolved (fixed in 80.0.3987.106-1); forky: resolved (fixed in 80.0.3987.106-1); sid: resolved (fixed in 80.0.3987.106-1); trixie: resolved (fixed in 80.0.3987.106-1)
debian
CVE-2019-19926 | HIGH | CVSS 7.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2019
CVE-2019-19926 [HIGH] chromium: multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. Scope: local. bookworm: resolved (fixed in 80.0.3987.106-1); bullseye: resolved (fixed in 80.0.3987.106-1); forky: resolved (fixed in 80.0.3987.1
debian
CVE-2019-19645 | MEDIUM | CVSS 5.5 | fixed in sqlite3 3.30.1+fossil191229-1 (bookworm) | 2019
CVE-2019-19645 [MEDIUM] sqlite3: alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. Scope: local. bookworm: resolved (fixed in 3.30.1+fossil191229-1); bullseye: resolved (fixed in 3.30.1+fossil191229-1); forky: resolved (fixed in 3.30.1+fossil191229-1); sid: resolved (fixed in 3.30.1+f
debian
CVE-2019-19924 | MEDIUM | CVSS 5.3 | fixed in sqlite3 3.30.1+fossil191229-1 (bookworm) | 2019
CVE-2019-19924 [MEDIUM] sqlite3: SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. Scope: local. bookworm: resolved (fixed in 3.30.1+fossil191229-1); bullseye: resolved (fixed in 3.30.1+fossil191229-1); forky: resolved (fixed in 3.30.1+fossil191229-1); sid: resolved (fixed in 3.30.1+fo
debian