Shodan
Vulnerabilities
Vulnerable Software
Sqlite:  >> Sqlite  Security Vulnerabilities
CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVSS Score
9.8
EPSS Score
0.111
Published
2020-04-09
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-02-21
CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-01-03
CVE-2019-20218
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-01-02
CVE-2019-19925
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVSS Score
7.5
EPSS Score
0.122
Published
2019-12-24
CVE-2019-19923
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
CVSS Score
7.5
EPSS Score
0.139
Published
2019-12-24
CVE-2019-19924
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
CVSS Score
5.3
EPSS Score
0.109
Published
2019-12-24
CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
CVSS Score
7.5
EPSS Score
0.111
Published
2019-12-23
CVE-2019-19880
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVSS Score
7.5
EPSS Score
0.112
Published
2019-12-18
CVE-2019-19603
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-12-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved