SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVSS Score
5.5
EPSS Score
0.01
Published
2020-05-24
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVSS Score
5.5
EPSS Score
0.006
Published
2020-05-24
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVSS Score
7.5
EPSS Score
0.051
Published
2020-04-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVSS Score
9.8
EPSS Score
0.074
Published
2020-04-09
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVSS Score
9.8
EPSS Score
0.054
Published
2019-12-09
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVSS Score
5.5
EPSS Score
0.006
Published
2019-12-09
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVSS Score
6.5
EPSS Score
0.044
Published
2019-09-09
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVSS Score
9.8
EPSS Score
0.454
Published
2019-05-30
Page 2