Information on source package sqlite3

Available versions

ReleaseVersion
jessie3.8.7.1-1+deb8u2
jessie (security)3.8.7.1-1+deb8u6
stretch3.16.2-5+deb9u1
buster3.27.2-3
bullseye3.31.1-5
sid3.32.3-1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2020-9794undeterminedundeterminedundeterminedundeterminedundeterminedAn out-of-bounds read was addressed with improved bounds checking. Thi ...
CVE-2020-9327fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedIn SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...
CVE-2020-15358fixedfixedvulnerablevulnerablefixedIn SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...
CVE-2020-13871fixedvulnerablevulnerablevulnerablefixedSQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...
CVE-2020-13632fixedvulnerablevulnerablevulnerablefixedext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...
CVE-2020-13631vulnerable (no DSA)vulnerablevulnerablevulnerablefixedSQLite before 3.32.0 allows a virtual table to be renamed to the name ...
CVE-2020-13630fixedvulnerablevulnerablevulnerablefixedext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...
CVE-2020-13435fixedfixedvulnerable (no DSA)vulnerablefixedSQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...
CVE-2020-13434fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablefixedSQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...
CVE-2020-11655fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedSQLite through 3.31.1 allows attackers to cause a denial of service (s ...
CVE-2019-9937fixedvulnerable (no DSA)fixedfixedfixedIn SQLite 3.27.2, interleaving reads and writes in a single transactio ...
CVE-2019-9936fixedvulnerable (no DSA)fixedfixedfixedIn SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...
CVE-2019-8457vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedSQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...
CVE-2019-5827vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedInteger overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 ...
CVE-2019-20218vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedselectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...
CVE-2019-19959fixedfixedvulnerable (no DSA)fixedfixedext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT ...
CVE-2019-19925fixedfixedvulnerable (no DSA)fixedfixedzipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...
CVE-2019-19924fixedfixedvulnerable (no DSA)fixedfixedSQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...
CVE-2019-19923fixedfixedvulnerable (no DSA)fixedfixedflattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...
CVE-2019-19645vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedalter.c in SQLite through 3.30.1 allows attackers to trigger infinite ...
CVE-2019-19603vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedSQLite 3.30.1 mishandles certain SELECT statements with a nonexistent ...
CVE-2019-19244fixedfixedvulnerable (no DSA)fixedfixedsqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...
CVE-2019-19242fixedfixedvulnerable (no DSA)fixedfixedSQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...
CVE-2019-16168vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedIn SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...
CVE-2018-8740fixedvulnerable (no DSA)fixedfixedfixedIn SQLite through 3.22.0, databases whose schema is corrupted using a ...
CVE-2018-20506vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedSQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...
CVE-2018-20505fixedvulnerable (no DSA)fixedfixedfixedSQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...
CVE-2018-20346fixedvulnerable (no DSA)fixedfixedfixedSQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2020-11656vulnerablevulnerablevulnerablevulnerablefixedIn SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...
CVE-2017-13685vulnerablevulnerablefixedfixedfixedThe dump_callback function in SQLite 3.20.0 allows remote attackers to ...

Resolved issues

BugDescription
TEMP-0566326-9A899Fsqlite: info leak
CVE-2019-5018An exploitable use after free vulnerability exists in the window funct ...
CVE-2019-19926multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...
CVE-2019-19880exprListAppendList in window.c in SQLite 3.30.1 allows attackers to tr ...
CVE-2019-19646pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_ ...
CVE-2019-19317lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed b ...
CVE-2017-2520An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-2519An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-2518An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-2513An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-15286SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in she ...
CVE-2017-10989The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3 ...
CVE-2016-6153os_unix.c in SQLite before 3.13.0 improperly implements the temporary ...
CVE-2015-3416The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does n ...
CVE-2015-3415The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...
CVE-2015-3414SQLite before 3.8.9 does not properly implement the dequoting of colla ...
CVE-2013-7443Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows r ...

Security announcements

DSA / DLADescription
DLA-2221-1sqlite3 - security update
DLA-2203-1sqlite3 - security update
DLA-1633-1sqlite3 - security update
DLA-1613-1sqlite3 - security update
DLA-1018-1sqlite3 - security update
DLA-543-1sqlite3 - security update
DSA-3252-2sqlite3 - security update
DSA-3252-1sqlite3 - security update

Search for package or bug name: Reporting problems