CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46488
https://notcve.org/view.php?id=CVE-2024-46488
25 Sep 2024 — sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. • https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2024-0232 – Sqlite: use-after-free bug in jsonparseaddnodearray
https://notcve.org/view.php?id=CVE-2024-0232
16 Jan 2024 — A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. Se identificó un problema de uso después de la liberación del montón en SQLite en la función jsonParseAddNodeArray() en sqlite3.c. Este fallo permite que un atacante local aproveche a una víctima para que pase entradas ... • https://access.redhat.com/security/cve/CVE-2024-0232 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
25 Dec 2023 — A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2023-32697 – Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
https://notcve.org/view.php?id=CVE-2023-32697
23 May 2023 — SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. • https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 1CVE-2021-31239 – Gentoo Linux Security Advisory 202311-03
https://notcve.org/view.php?id=CVE-2021-31239
09 May 2023 — An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution. Versions greater than or equal to 3.42.0 are affected. • https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-46908 – Gentoo Linux Security Advisory 202311-03
https://notcve.org/view.php?id=CVE-2022-46908
12 Dec 2022 — SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. SQLite hasta 3.40.0, cuando depende de --safe para la ejecución de un script CLI que no es de confianza, no implementa correctamente el mecanismo de protección azProhibitedFunctions y, en su lugar, permite funciones UDF como WRITEFILE. It was discovered that SQLite incorrectly handled certain pr... • https://news.ycombinator.com/item?id=33948588 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35525 – sqlite: Null pointer derreference in src/select.c
https://notcve.org/view.php?id=CVE-2020-35525
01 Sep 2022 — In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. En SQlite versión 3.31.1, se encontró una potencial desreferencia de puntero null en el procesamiento de consultas INTERSEC A NULL pointer dereference flaw was found in select.c of SQLite. An out-of-memory error occurs while an early out on the INTERSECT query is processing. This flaw allows an attacker to execute a potential NULL pointer dereference. Red Hat Advanced Cluster Management for Kubernetes 2.4.8 i... • https://security.netapp.com/advisory/ntap-20230706-0007 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35527 – sqlite: Out of bounds access during table rename
https://notcve.org/view.php?id=CVE-2020-35527
01 Sep 2022 — In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. En SQLite versión 3.31.1, se presenta un problema de acceso fuera de límites mediante ALTER TABLE para las vistas que tienen una cláusula FROM anidada An out-of-bounds read vulnerability was found in SQLite. This security flaw occurs when the ALTER TABLE for views has a nested FROM clause. This flaw allows an attacker to triage an out-of-bounds read and access confidential data successful... • https://security.netapp.com/advisory/ntap-20221111-0007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 58%CPEs: 5EXPL: 3CVE-2022-35737 – sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
https://notcve.org/view.php?id=CVE-2022-35737
03 Aug 2022 — SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. SQLite versiones 1.0.12 hasta 3.39.x anteriores a 3.39.2, permite a veces un desbordamiento de límites de matriz si son usados miles de millones de bytes en un argumento de cadena para una API de C An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of t... • https://github.com/gmh5225/CVE-2022-35737 • CWE-129: Improper Validation of Array Index •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-45346
https://notcve.org/view.php?id=CVE-2021-45346
14 Feb 2022 — A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that yo... • https://github.com/guyinatuxedo/sqlite3_record_leaking • CWE-401: Missing Release of Memory after Effective Lifetime •