Ghost Sqlite3 vulnerabilities

62 known vulnerabilities affecting ghost/sqlite3.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL9HIGH32MEDIUM21

Vulnerabilities

Page 2 of 4

CVE-2020-15358MEDIUMCVSS 5.5≥ 0, < 3.32.3-12020-06-27

CVE-2020-15358 [MEDIUM] CVE-2020-15358: In SQLite before 3 In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

osv

CVE-2018-8740HIGHCVSS 7.5≥ 0, < 3.11.0-1ubuntu1.5≥ 0, < 3.22.0-1ubuntu0.4+1 more2020-06-10

CVE-2018-8740 [HIGH] sqlite3 vulnerabilities sqlite3 vulnerabilities It was discovered that SQLite incorrectly handled certain corruped schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603) It was d

osv

CVE-2020-13871HIGHCVSS 7.5≥ 0, < 3.32.2-22020-06-06

CVE-2020-13871 [HIGH] CVE-2020-13871: SQLite 3 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

osv

CVE-2020-13630HIGHCVSS 7.0≥ 0, < 3.32.0-12020-05-27

CVE-2020-13630 [HIGH] CVE-2020-13630: ext/fts3/fts3 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

osv

CVE-2020-13632MEDIUMCVSS 5.5≥ 0, < 3.32.0-12020-05-27

CVE-2020-13632 [MEDIUM] CVE-2020-13632: ext/fts3/fts3_snippet ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

osv

CVE-2020-13631MEDIUMCVSS 5.5≥ 0, < 3.32.0-12020-05-27

CVE-2020-13631 [MEDIUM] CVE-2020-13631: SQLite before 3 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

osv

CVE-2020-13435MEDIUMCVSS 5.5≥ 0, < 3.32.1-12020-05-24

CVE-2020-13435 [MEDIUM] CVE-2020-13435: SQLite through 3 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

osv

CVE-2020-13434MEDIUMCVSS 5.5≥ 0, < 3.32.1-12020-05-24

CVE-2020-13434 [MEDIUM] CVE-2020-13434: SQLite through 3 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

osv

CVE-2020-11656CRITICALCVSS 9.8≥ 0, < 3.32.0-12020-04-09

CVE-2020-11656 [CRITICAL] CVE-2020-11656: In SQLite through 3 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

osv

CVE-2020-11655HIGHCVSS 7.5≥ 0, < 3.31.1-52020-04-09

CVE-2020-11655 [HIGH] CVE-2020-11655: SQLite through 3 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

osv

CVE-2020-9327HIGHCVSS 7.5≥ 0, < 3.31.1-32020-02-21

CVE-2020-9327 [HIGH] CVE-2020-9327: In SQLite 3 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

osv

CVE-2019-19959HIGHCVSS 7.5≥ 0, < 3.30.1+fossil191229-12020-01-03

CVE-2019-19959 [HIGH] CVE-2019-19959: ext/misc/zipfile ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

osv

CVE-2019-20218HIGHCVSS 7.5≥ 0, < 3.30.1+fossil191229-12020-01-02

CVE-2019-20218 [HIGH] CVE-2019-20218: selectExpander in select selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

osv

CVE-2019-19925HIGHCVSS 7.5≥ 0, < 3.30.1+fossil191229-12019-12-24

CVE-2019-19925 [HIGH] CVE-2019-19925: zipfileUpdate in ext/misc/zipfile zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

osv

CVE-2019-19923HIGHCVSS 7.5≥ 0, < 3.30.1+fossil191229-12019-12-24

CVE-2019-19923 [HIGH] CVE-2019-19923: flattenSubquery in select flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

osv

CVE-2019-19924MEDIUMCVSS 5.3≥ 0, < 3.30.1+fossil191229-12019-12-24

CVE-2019-19924 [MEDIUM] CVE-2019-19924: SQLite 3 SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

osv

CVE-2019-19880HIGHCVSS 7.5≥ 0, < 3.30.1+fossil191229-12019-12-18

CVE-2019-19880 [HIGH] CVE-2019-19880: exprListAppendList in window exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

osv

CVE-2019-19603HIGHCVSS 7.5≥ 0, < 3.30.1+fossil191229-12019-12-09

CVE-2019-19603 [HIGH] CVE-2019-19603: SQLite 3 SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

osv

CVE-2019-19645MEDIUMCVSS 5.5≥ 0, < 3.30.1+fossil191229-12019-12-09

CVE-2019-19645 [MEDIUM] CVE-2019-19645: alter alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

osv

CVE-2019-19242MEDIUMCVSS 5.9≥ 0, < 3.30.1+fossil191229-12019-11-27

CVE-2019-19242 [MEDIUM] CVE-2019-19242: SQLite 3 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

osv

← Previous2 / 4Next →