Search CVE reports


Toggle filters

41 – 50 of 81 results


CVE-2019-19959

Medium priority

Some fixes available 2 of 3

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Fixed
Show less packages

CVE-2019-19926

Medium priority

Some fixes available 4 of 5

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected Fixed
Show less packages

CVE-2019-19925

Medium priority

Some fixes available 2 of 3

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Fixed
Show less packages

CVE-2019-19924

Medium priority

Some fixes available 1 of 2

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected
Show less packages

CVE-2019-19923

Medium priority

Some fixes available 2 of 3

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Fixed
Show less packages

CVE-2019-19880

Medium priority

Some fixes available 1 of 2

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected
Show less packages

CVE-2019-19646

Medium priority
Ignored

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite Not affected
sqlite3 Not affected
Show less packages

CVE-2019-19645

Low priority

Some fixes available 1 of 5

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

2 affected packages

sqlite3, sqlite

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected Ignored
sqlite Not affected Not affected
Show less packages

CVE-2019-19603

Low priority

Some fixes available 1 of 5

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

2 affected packages

sqlite, sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite Not affected Not affected
sqlite3 Not affected Ignored
Show less packages

CVE-2019-19317

Medium priority
Not affected

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

1 affected package

sqlite3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sqlite3 Not affected
Show less packages