Information on source package sqlite3

Available versions

ReleaseVersion
stretch3.16.2-5+deb9u1
stretch (security)3.16.2-5+deb9u2
buster3.27.2-3
bullseye3.33.0-1
sid3.33.0-1

Open issues

BugstretchbusterbullseyesidDescription
CVE-2020-9794undeterminedundeterminedundeterminedundeterminedAn out-of-bounds read was addressed with improved bounds checking. Thi ...
CVE-2020-9327fixedvulnerable (no DSA)fixedfixedIn SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...
CVE-2020-15358fixedvulnerable (no DSA)fixedfixedIn SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...
CVE-2020-13871fixedvulnerablefixedfixedSQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...
CVE-2020-13632fixedvulnerablefixedfixedext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...
CVE-2020-13631fixedvulnerablefixedfixedSQLite before 3.32.0 allows a virtual table to be renamed to the name ...
CVE-2020-13630fixedvulnerablefixedfixedext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...
CVE-2020-13435fixedvulnerable (no DSA)fixedfixedSQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...
CVE-2020-13434fixedvulnerable (no DSA)fixedfixedSQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...
CVE-2020-11655fixedvulnerable (no DSA)fixedfixedSQLite through 3.31.1 allows attackers to cause a denial of service (s ...
CVE-2019-8457vulnerable (no DSA)fixedfixedfixedSQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...
CVE-2019-20218fixedvulnerable (no DSA)fixedfixedselectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...
CVE-2019-19959fixedvulnerable (no DSA)fixedfixedext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT ...
CVE-2019-19925fixedvulnerable (no DSA)fixedfixedzipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...
CVE-2019-19924fixedvulnerable (no DSA)fixedfixedSQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...
CVE-2019-19923fixedvulnerable (no DSA)fixedfixedflattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...
CVE-2019-19645fixedvulnerable (no DSA)fixedfixedalter.c in SQLite through 3.30.1 allows attackers to trigger infinite ...
CVE-2019-19603fixedvulnerable (no DSA)fixedfixedSQLite 3.30.1 mishandles certain SELECT statements with a nonexistent ...
CVE-2019-19244fixedvulnerable (no DSA)fixedfixedsqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...
CVE-2019-19242fixedvulnerable (no DSA)fixedfixedSQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...
CVE-2019-16168fixedvulnerable (no DSA)fixedfixedIn SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2020-11656vulnerablevulnerablefixedfixedIn SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...
CVE-2017-13685vulnerablefixedfixedfixedThe dump_callback function in SQLite 3.20.0 allows remote attackers to ...

Resolved issues

BugDescription
TEMP-0566326-9A899Fsqlite: info leak
CVE-2019-9937In SQLite 3.27.2, interleaving reads and writes in a single transactio ...
CVE-2019-9936In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...
CVE-2019-5827Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 ...
CVE-2019-5018An exploitable use after free vulnerability exists in the window funct ...
CVE-2019-19926multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...
CVE-2019-19880exprListAppendList in window.c in SQLite 3.30.1 allows attackers to tr ...
CVE-2019-19646pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_ ...
CVE-2019-19317lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed b ...
CVE-2018-8740In SQLite through 3.22.0, databases whose schema is corrupted using a ...
CVE-2018-20506SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...
CVE-2018-20505SQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...
CVE-2018-20346SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...
CVE-2017-2520An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-2519An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-2518An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-2513An issue was discovered in certain Apple products. iOS before 10.3.2 i ...
CVE-2017-15286SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in she ...
CVE-2017-10989The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3 ...
CVE-2016-6153os_unix.c in SQLite before 3.13.0 improperly implements the temporary ...
CVE-2015-3416The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does n ...
CVE-2015-3415The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...
CVE-2015-3414SQLite before 3.8.9 does not properly implement the dequoting of colla ...
CVE-2013-7443Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows r ...

Security announcements

DSA / DLADescription
DLA-2340-1sqlite3 - security update
DLA-2221-1sqlite3 - security update
DLA-2203-1sqlite3 - security update
DLA-1633-1sqlite3 - security update
DLA-1613-1sqlite3 - security update
DLA-1018-1sqlite3 - security update
DLA-543-1sqlite3 - security update
DSA-3252-2sqlite3 - security update
DSA-3252-1sqlite3 - security update

Search for package or bug name: Reporting problems