Ghost Sqlite3 vulnerabilities
62 known vulnerabilities affecting ghost/sqlite3.
Total CVEs: 62
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 32, MEDIUM 21
Vulnerabilities
Page 3 of 4
CVE-2021-31239 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 3.36.0-2 | 2023-05-09
An issue was found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
osv
CVE-2020-35525 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 3.11.0-1ubuntu1.5+esm1 | 2022-09-28
sqlite3 vulnerability
USN-5615-1 fixed several vulnerabilities in SQLite. This update provides
the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that SQLite incorrectly handled INTERSECT query
processing. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
osv
CVE-2015-3414 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 3.8.9-1 | 2015-04-24
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
osv
CVE-2019-19924 | P4 | MEDIUM | CVSS 5.3 | ≥ 0, < 3.30.1+fossil191229-1 | 2019-12-24
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
osv
CVE-2019-16168 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 3.29.0-2 | 2019-09-09
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
osv
CVE-2025-7709 | P4 | MEDIUM | CVSS 6.9 | ≥ 0, < 3.46.1-7+deb13u1; ≥ 0, < 3.46.1-8 | 2025-09-08
An integer overflow exists in the FTS5 extension (https://sqlite.org/fts5.html). It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
osv
CVE-2020-13630 | P4 | HIGH | CVSS 7.0 | ≥ 0, < 3.32.0-1 | 2020-05-27
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
osv
CVE-2019-19242 | P4 | MEDIUM | CVSS 5.9 | ≥ 0, < 3.30.1+fossil191229-1 | 2019-11-27
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
osv
CVE-2013-7443 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 3.8.2-1ubuntu2.1 | 2015-07-30
sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled skip-scan optimization.
An attacker could use this issue to cause applications using SQLite to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7443)
Michal Zalewski discovered that SQLite incorrectly handled dequoting of
collation-sequence names. An attacker could use this issue to cause
applic
osv
CVE-2021-20227 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.34.1-1 | 2021-03-23
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
osv
CVE-2020-13631 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.32.0-1 | 2020-05-27
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
osv
CVE-2020-15358 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.32.3-1 | 2020-06-27
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
osv
CVE-2020-13434 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.32.1-1 | 2020-05-24
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
osv
CVE-2016-6153 | P4 | MEDIUM | CVSS 5.9 | ≥ 0, < 3.13.0-1 | 2016-09-26
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
osv
CVE-2020-13435 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.32.1-1 | 2020-05-24
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
osv
CVE-2020-13632 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.32.0-1 | 2020-05-27
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
osv
CVE-2019-19645 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.30.1+fossil191229-1 | 2019-12-09
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
osv
CVE-2024-0232 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.43.2-1 | 2024-01-16
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
osv
CVE-2017-13685 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 3.20.1-1 | 2017-08-29
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.
osv
CVE-2020-24736 | P4 | MEDIUM | CVSS 5.5 | v3.27.1 | 2023-04-11 | CWE-120
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.
nvd, osv