The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SQLite

computer vulnerability note CVE-2019-8457

SQLite: out-of-bounds memory reading via rtreenode

Synthesis of the vulnerability

An attacker can force a read at an invalid address via rtreenode() of SQLite, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, RSA Authentication Manager, SQLite, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/06/2019.
Identifiers: CVE-2019-8457, DSA-2019-133, FEDORA-2019-02b81266b7, FEDORA-2019-3377813d18, openSUSE-SU-2019:1645-1, SUSE-SU-2019:14083-1, SUSE-SU-2019:14120-1, SUSE-SU-2019:1522-1, SUSE-SU-2019:1601-1, USN-4004-1, USN-4004-2, USN-4019-1, USN-4019-2, VIGILANCE-VUL-29449.


computer vulnerability note CVE-2019-5018

SQLite: use after free via Window

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Window of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: SQLite.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/05/2019.
Identifiers: CVE-2019-5018, TALOS-2019-0777, VIGILANCE-VUL-29269.


vulnerability alert 29061

SQLite: code execution via Optional Extensions

Synthesis of the vulnerability

An attacker can use a vulnerability via Optional Extensions of SQLite, in order to run code.
Impacted products: SQLite.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 17/04/2019.
Identifiers: VIGILANCE-VUL-29061.


vulnerability note CVE-2019-9937

SQLite: NULL pointer dereference via FTS5 Transaction Interleaving Read

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via FTS5 Transaction Interleaving Read of SQLite, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, Solaris, SQLite, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 25/03/2019.
Identifiers: bulletinapr2019, CVE-2019-9937, FEDORA-2019-8641591b3c, FEDORA-2019-a01751837d, openSUSE-SU-2019:1372-1, SUSE-SU-2019:1127-1, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28844.


vulnerability bulletin CVE-2019-9936

SQLite: out-of-bounds memory reading via FTS5 Transaction Prefix Queries

Synthesis of the vulnerability

An attacker can force a read at an invalid address via FTS5 Transaction Prefix Queries of SQLite, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, Solaris, SQLite, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 25/03/2019.
Identifiers: bulletinapr2019, CVE-2019-9936, FEDORA-2019-8641591b3c, FEDORA-2019-a01751837d, openSUSE-SU-2019:1372-1, SUSE-SU-2019:1127-1, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28843.


computer vulnerability alert CVE-2017-2520

SQLite: buffer overflow via sqlite3_value_text

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via sqlite3_value_text() of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 384, CVE-2017-2520, HT207797, HT207798, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28256.


computer vulnerability CVE-2017-2519

SQLite: memory corruption via Table Objects

Synthesis of the vulnerability

An attacker can trigger a memory corruption via Table Objects of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 288, CVE-2017-2519, HT207797, HT207798, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28255.


vulnerability note CVE-2017-2518

SQLite: use after free via Query Optimizer

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Query Optimizer of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 14/01/2019.
Identifiers: 199, CVE-2017-2518, HT207797, HT207798, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28254.


computer vulnerability announce CVE-2018-20346 CVE-2018-20505 CVE-2018-20506

SQLite, Chrome: memory corruption via FTS3 Query

Synthesis of the vulnerability

An attacker can generate a memory corruption via an FTS3 query of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, FreeBSD, Android OS, Chrome, openSUSE Leap, Opera, RHEL, SQLite, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/12/2018.
Identifiers: CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, DLA-1613-1, DSA-4352-1, FEDORA-2018-5f91fbf4fd, FEDORA-2018-ccbe8b931c, FEDORA-2019-49f80a78bc, FreeBSD-EN-19:03.sqlite, HT209443, HT209446, Magellan, openSUSE-SU-2018:4056-1, openSUSE-SU-2018:4122-1, openSUSE-SU-2018:4142-1, openSUSE-SU-2018:4143-1, openSUSE-SU-2019:1159-1, openSUSE-SU-2019:1222-1, RHSA-2018:3803-01, SUSE-SU-2019:0913-1, SUSE-SU-2019:0973-1, SUSE-SU-2019:14003-1, Synology-SA-18:61, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28027.

Description of the vulnerability

The FTS3/FTS4 extension of SQLite can be used to create tables with text indexes.

However, a series of special SQL queries using FTS3 triggers a memory corruption in the ext/fts3/fts3.c file. The attacker therefore needs access to an SQL session.

The Chrome browser supports SQL queries through WebSQL, which is implemented with SQLite, so it is also vulnerable via a web page.

An attacker can therefore generate a memory corruption via an FTS3 query of SQLite, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2018-8740

SQLite: NULL pointer dereference via CREATE TABLE AS

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via CREATE TABLE AS of SQLite, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SQLite, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/03/2018.
Identifiers: bulletinjul2018, CVE-2018-8740, DLA-1633-1, FEDORA-2018-07e15ad5a5, FEDORA-2018-aace372c3f, FEDORA-2019-49f80a78bc, openSUSE-SU-2019:1426-1, SUSE-SU-2019:1208-1, SUSE-SU-2019:1522-1, VIGILANCE-VUL-25573.
