Shodan
Vulnerabilities
Vulnerable Software
Sqlite:  >> Sqlite  >> 3.15.2  Security Vulnerabilities
CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVSS Score
5.5
EPSS Score
0.01
Published
2020-05-24
CVE-2020-13435
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVSS Score
5.5
EPSS Score
0.006
Published
2020-05-24
CVE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVSS Score
7.5
EPSS Score
0.051
Published
2020-04-09
CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVSS Score
9.8
EPSS Score
0.074
Published
2020-04-09
CVE-2019-19646
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVSS Score
9.8
EPSS Score
0.054
Published
2019-12-09
CVE-2019-19645
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVSS Score
5.5
EPSS Score
0.006
Published
2019-12-09
CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVSS Score
6.5
EPSS Score
0.044
Published
2019-09-09
CVE-2019-8457
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVSS Score
9.8
EPSS Score
0.454
Published
2019-05-30
CVE-2018-20506
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
CVSS Score
8.1
EPSS Score
0.075
Published
2019-04-03
CVE-2018-20505
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
CVSS Score
7.5
EPSS Score
0.068
Published
2019-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved