cbcvebase.

Ghost Sqlite3 vulnerabilities

62 known vulnerabilities affecting ghost/sqlite3.

Total CVEs
62
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH32MEDIUM21

Vulnerabilities

Page 1 of 4
CVE-2025-6965P2MEDIUMCVSS 5.5PoC≥ 0, < 3.8.2-1ubuntu2.2+esm5≥ 0, < 3.11.0-1ubuntu1.5+esm3+2 more2025-07-29
CVE-2025-6965 [MEDIUM] sqlite3 vulnerabilities sqlite3 vulnerabilities It was discovered that SQLite incorrectly handled aggregate terms. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-6965) It was discovered that SQLite incorrectly handled certain argument values to sqlite3_db_config(). An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbi
osv
CVE-2019-8457P3CRITICALCVSS 9.8≥ 0, < 3.27.2-32019-05-30
CVE-2019-8457 [CRITICAL] CVE-2019-8457: SQLite3 from 3 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
osv
CVE-2018-20346P3HIGHCVSS 8.1≥ 0, < 3.25.3-12018-12-21
CVE-2018-20346 [HIGH] CVE-2018-20346: SQLite before 3 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
osv
CVE-2018-20506P3HIGHCVSS 8.1≥ 0, < 3.25.3-12019-04-03
CVE-2018-20506 [HIGH] CVE-2018-20506: SQLite before 3 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
osv
CVE-2025-3277P3MEDIUMCVSS 6.9≥ 0, < 3.46.1-32025-04-14
CVE-2025-3277 [MEDIUM] CVE-2025-3277: An integer overflow can be triggered in SQLite’s `concat_ws()` function An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
osv
CVE-2019-5018P3HIGHCVSS 8.1≥ 0, < 3.27.2-32019-05-10
CVE-2019-5018 [HIGH] CVE-2019-5018: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3 An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
osv
CVE-2022-43441P3CRITICALCVSS 9.8≥ 5.0.0, < 5.1.52023-03-16
CVE-2022-43441 [CRITICAL] CWE-915 CVE-2022-43441: A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation no A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.
ghsanvdosv
CVE-2022-35737P3HIGHCVSS 7.5≥ 0, < 3.39.2-12022-08-03
CVE-2022-35737 [HIGH] CVE-2022-35737: SQLite 1 SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
osv
CVE-2017-2518P3CRITICALCVSS 9.8≥ 0, < 3.15.2-12017-05-22
CVE-2017-2518 [CRITICAL] CVE-2017-2518: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
osv
CVE-2017-2520P3CRITICALCVSS 9.8≥ 0, < 3.16.2-12017-05-22
CVE-2017-2520 [CRITICAL] CVE-2017-2520: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
osv
CVE-2019-13734P3HIGHCVSS 8.8≥ 0, < 3.8.2-1ubuntu2.2+esm22020-08-03
CVE-2019-13734 [HIGH] sqlite3 vulnerabilities sqlite3 vulnerabilities USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13752, CVE-2019-13753) It was disco
osv
CVE-2017-2519P3CRITICALCVSS 9.8≥ 0, < 3.16.0-12017-05-22
CVE-2017-2519 [CRITICAL] CVE-2017-2519: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.
osv
CVE-2020-11656P3CRITICALCVSS 9.8≥ 0, < 3.32.0-12020-04-09
CVE-2020-11656 [CRITICAL] CVE-2020-11656: In SQLite through 3 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
osv
CVE-2025-7458P3MEDIUMCVSS 6.9≥ 0, < 3.42.0-12025-07-29
CVE-2025-7458 [MEDIUM] CVE-2025-7458: An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3 An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.
osv
CVE-2017-10989P3CRITICALCVSS 9.8≥ 0, < 3.19.3-32017-07-07
CVE-2017-10989 [CRITICAL] CVE-2017-10989: The getNodeSize function in ext/rtree/rtree The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
osv
CVE-2023-7104P3HIGHCVSS 7.3≥ 0, < 3.22.0-1ubuntu0.7+esm12024-06-26
CVE-2023-7104 [HIGH] sqlite3 vulnerability sqlite3 vulnerability USN-6566-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2023-7104 for Ubuntu 18.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly use this issue to cause SQLite to crash, resulting in a denial of service.
osv
CVE-2021-36690P3HIGHCVSS 7.5≥ 0, < 3.34.1-3+deb11u1≥ 0, < 3.36.0-22021-08-24
CVE-2021-36690 [HIGH] CVE-2021-36690: A segmentation fault can occur in the sqlite3 A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
osv
CVE-2017-2513P3CRITICALCVSS 9.8≥ 0, < 3.15.2-12017-05-22
CVE-2017-2513 [CRITICAL] CVE-2017-2513: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.
osv
CVE-2020-35527P3CRITICALCVSS 9.8≥ 0, < 3.32.0-12022-09-01
CVE-2020-35527 [CRITICAL] CVE-2020-35527: In SQLite 3 In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
osv
CVE-2019-5827P3HIGHCVSS 8.8≥ 0, < 3.27.2-32019-06-27
CVE-2019-5827 [HIGH] CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74 Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
osv
Ghost Sqlite3 vulnerabilities | cvebase