CVE-2022-35737 – sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
https://notcve.org/view.php?id=CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. SQLite versiones 1.0.12 hasta 3.39.x anteriores a 3.39.2, permite a veces un desbordamiento de límites de matriz si son usados miles de millones de bytes en un argumento de cadena para una API de C An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of the C-language APIs provided by SQLite. This flaw allows a remote attacker to pass specially crafted large input to the application and perform a denial of service (DoS) attack. • https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api https://kb.cert.org/vuls/id/720344 https://security.gentoo.org/glsa/202210-40 https://security.netapp.com/advisory/ntap-20220915-0009 https://sqlite.org/releaselog/3_39_2.html https://www.sqlite.org/cves.html https://access.redhat.com/security/cve/CVE-2022-35737 https://bugzilla.redhat.com/show_bug.cgi?id=2110291 • CWE-129: Improper Validation of Array Index •
CVE-2021-45346
https://notcve.org/view.php?id=CVE-2021-45346
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. ** EN DISPUTA ** Se presenta una vulnerabilidad de pérdida de memoria en SQLite Project SQLite3 versiones 3.35.1 y 3.37.0 por medio de consultas SQL diseñadas de forma maliciosa (realizadas por medio de la edición del archivo de la base de datos), es posible consultar un registro, y filtrar los bytes de memoria subsiguientes que son extendidos más allá del registro, lo que podría permitir a un usuario malicioso obtener información confidencial. NOTA: El desarrollador disputa esto como una vulnerabilidad afirmando que si le das a SQLite un archivo de base de datos corrupto y envías una consulta contra la base de datos, podría leer partes de la base de datos que no pretendías o esperabas • https://github.com/guyinatuxedo/sqlite3_record_leaking https://security.netapp.com/advisory/ntap-20220303-0001 https://sqlite.org/forum/forumpost/056d557c2f8c452ed5 https://sqlite.org/forum/forumpost/53de8864ba114bf6 https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-36690
https://notcve.org/view.php?id=CVE-2021-36690
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. ** EN DISPUTA ** Puede producirse un fallo de segmentación en el componente command-line sqlite3.exe de SQLite versión 3.36.0 por medio de la función idxGetTableInfo cuando hay una consulta SQL manipulada. NOTA: el proveedor disputa la relevancia de este informe porque un usuario de sqlite3.exe ya tiene privilegios completos (por ejemplo, se le permite intencionadamente ejecutar comandos). Este informe NO implica ningún problema en la biblioteca SQLite. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/47 http://seclists.org/fulldisclosure/2022/Oct/49 https://support.apple.com/kb/HT213446 https://support.apple.com/kb/HT213486 https://support.apple.com/kb/HT213487 https://support.apple.com/kb/HT213488 https://www.sqlite.org/forum/forumpost/718c0a8d17 •
CVE-2021-20227
https://notcve.org/view.php?id=CVE-2021-20227
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la funcionalidad de consulta SELECT de SQLite (src/select.c). Este fallo permite a un atacante que es capaz de ejecutar consultas SQL localmente en la base de datos SQLite causar una denegación de servicio o una posible ejecución de código desencadenando un uso de la memoria previamente liberada. • https://bugzilla.redhat.com/show_bug.cgi?id=1924886 https://security.gentoo.org/glsa/202103-04 https://security.gentoo.org/glsa/202210-40 https://security.netapp.com/advisory/ntap-20210423-0010 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.sqlite.org/releaselog/3_34_1.html • CWE-416: Use After Free •
CVE-2020-15358 – sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c
https://notcve.org/view.php?id=CVE-2020-15358
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. En SQLite versiones anteriores a 3.32.3, el archivo select.c maneja inapropiadamente la optimización query-flattener, conllevando a un desbordamiento de la pila de multiSelectOrderBy debido al uso inapropiado de las propiedades transitivas para la propagación constante A heap buffer overflow was found in SQLite in the query flattening optimization technique. This flaw allows an attacker to execute SQL statements to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 http://seclists.org/fulldisclosure/2021/Feb/14 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200709-0001 https://support.apple.com/kb/HT211843 https://support.apple.com/kb/HT211844 https • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •