CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.netapp.com/advisory/ntap-20240112-0008 https://sqlite.org/forum/forumpost/5bcbf4571c https://sqlite.org/src/info/0e4e7a05c4204b47 https://vuldb.com/?ctiid.248999 https://vuldb.com/?id.248999 https://access.redhat.com/security/cve/CVE-2023-7104 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2021-31239
https://notcve.org/view.php?id=CVE-2021-31239
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. • https://github.com/Tsiming/Vulnerabilities/blob/main/SQLite/CVE-2021-31239 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI https://security.gentoo.org/glsa/202311-03 https://security.netapp.com/advisory/ntap-20230609-0010 https://www.sqlite.org/cves.html https://www.sqlite.org/forum/forumpost/d9fce1a89b • CWE-125: Out-of-bounds Read •
CVE-2022-35737 – sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
https://notcve.org/view.php?id=CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. SQLite versiones 1.0.12 hasta 3.39.x anteriores a 3.39.2, permite a veces un desbordamiento de límites de matriz si son usados miles de millones de bytes en un argumento de cadena para una API de C An array-bounds overflow vulnerability was discovered in SQLite. The vulnerability occurs when handling an overly large input passed as a string argument to some of the C-language APIs provided by SQLite. This flaw allows a remote attacker to pass specially crafted large input to the application and perform a denial of service (DoS) attack. • https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api https://kb.cert.org/vuls/id/720344 https://security.gentoo.org/glsa/202210-40 https://security.netapp.com/advisory/ntap-20220915-0009 https://sqlite.org/releaselog/3_39_2.html https://www.sqlite.org/cves.html https://access.redhat.com/security/cve/CVE-2022-35737 https://bugzilla.redhat.com/show_bug.cgi?id=2110291 • CWE-129: Improper Validation of Array Index •
CVE-2021-45346
https://notcve.org/view.php?id=CVE-2021-45346
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. ** EN DISPUTA ** Se presenta una vulnerabilidad de pérdida de memoria en SQLite Project SQLite3 versiones 3.35.1 y 3.37.0 por medio de consultas SQL diseñadas de forma maliciosa (realizadas por medio de la edición del archivo de la base de datos), es posible consultar un registro, y filtrar los bytes de memoria subsiguientes que son extendidos más allá del registro, lo que podría permitir a un usuario malicioso obtener información confidencial. NOTA: El desarrollador disputa esto como una vulnerabilidad afirmando que si le das a SQLite un archivo de base de datos corrupto y envías una consulta contra la base de datos, podría leer partes de la base de datos que no pretendías o esperabas • https://github.com/guyinatuxedo/sqlite3_record_leaking https://security.netapp.com/advisory/ntap-20220303-0001 https://sqlite.org/forum/forumpost/056d557c2f8c452ed5 https://sqlite.org/forum/forumpost/53de8864ba114bf6 https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves • CWE-401: Missing Release of Memory after Effective Lifetime •