The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SQLite

vulnerability note CVE-2019-9937

SQLite: NULL pointer dereference via FTS5 Transaction Interleaving Read

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via FTS5 Transaction Interleaving Read of SQLite, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, SQLite, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 25/03/2019.
Identifiers: CVE-2019-9937, FEDORA-2019-8641591b3c, openSUSE-SU-2019:1372-1, SUSE-SU-2019:1127-1, VIGILANCE-VUL-28844.

computer vulnerability alert CVE-2017-2520

SQLite: buffer overflow via sqlite3_value_text

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via sqlite3_value_text() of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 384, CVE-2017-2520, HT207797, HT207798, VIGILANCE-VUL-28256.

computer vulnerability CVE-2017-2519

SQLite: memory corruption via Table Objects

Synthesis of the vulnerability

An attacker can trigger a memory corruption via Table Objects of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 288, CVE-2017-2519, HT207797, HT207798, VIGILANCE-VUL-28255.

vulnerability note CVE-2017-2518

SQLite: use after free via Query Optimizer

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Query Optimizer of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 14/01/2019.
Identifiers: 199, CVE-2017-2518, HT207797, HT207798, VIGILANCE-VUL-28254.

vulnerability bulletin CVE-2018-8740

SQLite: NULL pointer dereference via CREATE TABLE AS

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via CREATE TABLE AS of SQLite, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Solaris, SQLite, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/03/2018.
Identifiers: bulletinjul2018, CVE-2018-8740, DLA-1633-1, FEDORA-2018-07e15ad5a5, FEDORA-2018-aace372c3f, SUSE-SU-2019:1208-1, VIGILANCE-VUL-25573.

vulnerability announce CVE-2017-15286

SQLite: NULL pointer dereference via tableColumnList

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via tableColumnList() of SQLite, in order to trigger a denial of service.
Impacted products: Fedora, SQLite.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 13/10/2017.
Identifiers: CVE-2017-15286, FEDORA-2018-8d8f0e1643, VIGILANCE-VUL-24132.

vulnerability bulletin CVE-2017-13685

SQLite: NULL pointer dereference via dump_callback

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via dump_callback() of SQLite, in order to trigger a denial of service.
Impacted products: Fedora, SQLite.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 31/08/2017.
Identifiers: CVE-2017-13685, FEDORA-2018-8d8f0e1643, VIGILANCE-VUL-23653.

computer vulnerability bulletin CVE-2017-7000

SQLite: information disclosure via Pointer Disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Pointer Disclosure of SQLite, in order to obtain sensitive information.
Impacted products: Mac OS X, Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SQLite, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 16/08/2017.
Identifiers: 1475207, CVE-2017-7000, DSA-3926-1, FEDORA-2017-571e659c85, FEDORA-2017-5f2b220c7c, FEDORA-2017-c708c044e3, FEDORA-2017-f79ae2b96f, HT207797, openSUSE-SU-2017:1993-1, openSUSE-SU-2017:1994-1, RHSA-2017:1833-01, VIGILANCE-VUL-23528.

computer vulnerability bulletin CVE-2017-10989

SQLite: out-of-bounds memory reading via getNodeSize

Synthesis of the vulnerability

An attacker can force a read at an invalid address via getNodeSize() of SQLite, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Tuxedo, WebLogic, SQLite, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/07/2017.
Identifiers: 1700937, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, cpujul2018, CVE-2017-10989, DLA-1018-1, DLA-1633-1, FEDORA-2017-357f9df699, FEDORA-2017-447e926933, FEDORA-2017-9b752904ed, HT208144, SUSE-SU-2019:1208-1, VIGILANCE-VUL-23178.

computer vulnerability note 20339

SQLite: NULL pointer dereference

Synthesis of the vulnerability

An authenticated attacker can force a NULL pointer to be dereferenced in SQLite, in order to trigger a denial of service.
Impacted products: SQLite.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 09/08/2016.
Identifiers: VIGILANCE-VUL-20339.

Description of the vulnerability

The SQLite product can use SELECT queries to join tables.

The COLLATE NOCASE operator makes string comparisons case-insensitive.

However, a join that applies the NOCASE operator to an integer variable (which has no matching COLLATE sequence, because it is not a string) causes a NULL pointer to be used.

An authenticated attacker can therefore force a NULL pointer to be dereferenced in SQLite, in order to trigger a denial of service.