CVE-2020-11656
https://notcve.org/view.php?id=CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. En SQLite versiones hasta 3.31.1, la implementación de ALTER TABLE presenta un uso de la memoria previamente liberada, como es demostrado por una cláusula ORDER BY que pertenece a una sentencia SELECT compuesta. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200416-0001 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.sqlite.org/src/info/d09f8c3621d5 • CWE-416: Use After Free •
CVE-2020-9327 – sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations
https://notcve.org/view.php?id=CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. En SQLite versión 3.31.1, la función isAuxiliaryVtabOperator permite a atacantes desencadenar una desreferencia del puntero NULL y un fallo de segmentación debido a las optimizaciones de columna generadas. A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to execute SQL statements can use this flaw to crash the application. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.gentoo.org/glsa/202003-16 https://security.netapp.com/advisory/ntap-20200313-0002 https://usn.ubuntu.com/4298-1 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.sqlite.org/cgi/src/info/4374860b29383380 https://www.sqlite. • CWE-476: NULL Pointer Dereference •
CVE-2019-19959 – sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames
https://notcve.org/view.php?id=CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. El archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente ciertos usos de INSERT INTO en situaciones que involucran caracteres "\0" insertados en los nombres de archivo, conllevando a un error de administración de memoria que puede ser detectado por valgrind (por ejemplo). • https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1 https://security.netapp.com/advisory/ntap-20200204-0001 https://usn.ubuntu.com/4298-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://access.redhat.com/security/cve/CVE-2019-19959 https://bugzilla.redhat.com/show_bug.cgi?id=1789595 • CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVE-2019-20218 – sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
https://notcve.org/view.php?id=CVE-2019-20218
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. La función selectExpander en el archivo select.c en SQLite versión 3.30.1, continúa con el despliegue de la pila WITH incluso después de un error de análisis. • https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html https://security.gentoo.org/glsa/202007-26 https://usn.ubuntu.com/4298-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://access.redhat.com/security/cve/CVE-2019-20218 https://bugzilla.redhat.com/show_bug.cgi?id=1791313 • CWE-391: Unchecked Error Condition CWE-755: Improper Handling of Exceptional Conditions •
CVE-2019-19925 – sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
https://notcve.org/view.php?id=CVE-2019-19925
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. La función zipfileUpdate en el archivo ext/misc/zipfile.c en SQLite versión 3.30.1, maneja inapropiadamente un nombre de ruta NULL durante una actualización de un archivo ZIP. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •