The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SQLite

computer vulnerability note CVE-2019-5018

SQLite: use after free via Window

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Window of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: SQLite.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/05/2019.
Identifiers: CVE-2019-5018, TALOS-2019-0777, VIGILANCE-VUL-29269.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Window of SQLite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 29061

SQLite: code execution via Optional Extensions

Synthesis of the vulnerability

An attacker can use a vulnerability via Optional Extensions of SQLite, in order to run code.
Impacted products: SQLite.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 17/04/2019.
Identifiers: VIGILANCE-VUL-29061.

Description of the vulnerability

An attacker can use a vulnerability via Optional Extensions of SQLite, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2019-9937

SQLite: NULL pointer dereference via FTS5 Transaction Interleaving Read

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via FTS5 Transaction Interleaving Read of SQLite, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, Solaris, SQLite, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 25/03/2019.
Identifiers: bulletinapr2019, CVE-2019-9937, FEDORA-2019-8641591b3c, FEDORA-2019-a01751837d, openSUSE-SU-2019:1372-1, SUSE-SU-2019:1127-1, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28844.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via FTS5 Transaction Interleaving Read of SQLite, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2019-9936

SQLite: out-of-bounds memory reading via FTS5 Transaction Prefix Queries

Synthesis of the vulnerability

An attacker can force a read at an invalid address via FTS5 Transaction Prefix Queries of SQLite, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, Solaris, SQLite, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 25/03/2019.
Identifiers: bulletinapr2019, CVE-2019-9936, FEDORA-2019-8641591b3c, FEDORA-2019-a01751837d, openSUSE-SU-2019:1372-1, SUSE-SU-2019:1127-1, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28843.

Description of the vulnerability

An attacker can force a read at an invalid address via FTS5 Transaction Prefix Queries of SQLite, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-2520

SQLite: buffer overflow via sqlite3_value_text

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via sqlite3_value_text() of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 384, CVE-2017-2520, HT207797, HT207798, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28256.

Description of the vulnerability

An attacker can trigger a buffer overflow via sqlite3_value_text() of SQLite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-2519

SQLite: memory corruption via Table Objects

Synthesis of the vulnerability

An attacker can trigger a memory corruption via Table Objects of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 288, CVE-2017-2519, HT207797, HT207798, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28255.

Description of the vulnerability

An attacker can trigger a memory corruption via Table Objects of SQLite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-2518

SQLite: use after free via Query Optimizer

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Query Optimizer of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 14/01/2019.
Identifiers: 199, CVE-2017-2518, HT207797, HT207798, USN-4019-1, USN-4019-2, VIGILANCE-VUL-28254.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Query Optimizer of SQLite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-8740

SQLite: NULL pointer dereference via CREATE TABLE AS

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via CREATE TABLE AS of SQLite, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SQLite, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/03/2018.
Identifiers: bulletinjul2018, CVE-2018-8740, DLA-1633-1, FEDORA-2018-07e15ad5a5, FEDORA-2018-aace372c3f, openSUSE-SU-2019:1426-1, SUSE-SU-2019:1208-1, SUSE-SU-2019:1522-1, VIGILANCE-VUL-25573.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via CREATE TABLE AS of SQLite, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-15286

SQLite: NULL pointer dereference via tableColumnList

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via tableColumnList() of SQLite, in order to trigger a denial of service.
Impacted products: Fedora, SQLite.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 13/10/2017.
Identifiers: CVE-2017-15286, FEDORA-2018-8d8f0e1643, VIGILANCE-VUL-24132.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via tableColumnList() of SQLite, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-13685

SQLite: NULL pointer dereference via dump_callback

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via dump_callback() of SQLite, in order to trigger a denial of service.
Impacted products: Fedora, SQLite, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 31/08/2017.
Identifiers: CVE-2017-13685, FEDORA-2018-8d8f0e1643, USN-4019-1, USN-4019-2, VIGILANCE-VUL-23653.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via dump_callback() of SQLite, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SQLite: