CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.netapp.com/advisory/ntap-20240112-0008 https://sqlite.org/forum/forumpost/5bcbf4571c https://sqlite.org/src/info/0e4e7a05c4204b47 https://vuldb.com/?ctiid.248999 https://vuldb.com/?id.248999 https://access.redhat.com/security/cve/CVE-2023-7104 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2021-31239
https://notcve.org/view.php?id=CVE-2021-31239
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. • https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI https://security.gentoo.org/glsa/202311-03 https://security.netapp.com/advisory/ntap-20230609-0010 https://www.sqlite.org/cves.html https://www.sqlite.org/forum/forumpost/d9fce1a89b • CWE-125: Out-of-bounds Read •
CVE-2022-46908
https://notcve.org/view.php?id=CVE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. SQLite hasta 3.40.0, cuando depende de --safe para la ejecución de un script CLI que no es de confianza, no implementa correctamente el mecanismo de protección azProhibitedFunctions y, en su lugar, permite funciones UDF como WRITEFILE. • https://news.ycombinator.com/item?id=33948588 https://security.gentoo.org/glsa/202311-03 https://security.netapp.com/advisory/ntap-20230203-0005 https://sqlite.org/forum/forumpost/07beac8056151b2f https://sqlite.org/src/info/cefc032473ac5ad2 •
CVE-2020-35527 – sqlite: Out of bounds access during table rename
https://notcve.org/view.php?id=CVE-2020-35527
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. En SQLite versión 3.31.1, se presenta un problema de acceso fuera de límites mediante ALTER TABLE para las vistas que tienen una cláusula FROM anidada An out-of-bounds read vulnerability was found in SQLite. This security flaw occurs when the ALTER TABLE for views has a nested FROM clause. This flaw allows an attacker to triage an out-of-bounds read and access confidential data successfully. • https://security.netapp.com/advisory/ntap-20221111-0007 https://www.sqlite.org/src/info/c431b3fd8fd0f6a6 https://access.redhat.com/security/cve/CVE-2020-35527 https://bugzilla.redhat.com/show_bug.cgi?id=2122329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-35525 – sqlite: Null pointer derreference in src/select.c
https://notcve.org/view.php?id=CVE-2020-35525
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. En SQlite versión 3.31.1, se encontró una potencial desreferencia de puntero null en el procesamiento de consultas INTERSEC A NULL pointer dereference flaw was found in select.c of SQLite. An out-of-memory error occurs while an early out on the INTERSECT query is processing. This flaw allows an attacker to execute a potential NULL pointer dereference. • https://security.netapp.com/advisory/ntap-20230706-0007 https://www.sqlite.org/src/info/a67cf5b7d37d5b14 https://access.redhat.com/security/cve/CVE-2020-35525 https://bugzilla.redhat.com/show_bug.cgi?id=2122324 • CWE-476: NULL Pointer Dereference •