mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #87
Closed mend-for-github-com[bot] closed 1 year ago
mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #87
mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #87
SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerabilities
Details
CVE-2019-19646
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability Detailspragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Publish Date: 2019-12-09
URL: CVE-2019-19646
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19646
Release Date: 2019-12-09
Fix Resolution: 3.31.0
CVE-2020-11656
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsIn SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Publish Date: 2020-04-09
URL: CVE-2020-11656
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2020-04-09
Fix Resolution: version-3.32.0
CVE-2019-8457
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsSQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Publish Date: 2019-05-30
URL: CVE-2019-8457
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.sqlite.org/releaselog/3_28_0.html
Release Date: 2019-05-30
Fix Resolution: 3.28.0
CVE-2018-20505
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsSQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Publish Date: 2019-04-03
URL: CVE-2018-20505
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.sqlite.org/releaselog/3_26_0.html
Release Date: 2019-04-03
Fix Resolution: 3.26.0
CVE-2020-11655
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsSQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Publish Date: 2020-04-09
URL: CVE-2020-11655
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2020-04-09
Fix Resolution: 3.32.3
CVE-2020-13630
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability Detailsext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Publish Date: 2020-05-27
URL: CVE-2020-13630
### CVSS 3 Score Details (7.0)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630
Release Date: 2020-05-27
Fix Resolution: 3.32.0
CVE-2019-16168
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsIn SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Publish Date: 2019-09-09
URL: CVE-2019-16168
### CVSS 3 Score Details (6.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
Release Date: 2019-09-09
Fix Resolution: 3.30.0
CVE-2020-13631
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsSQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Publish Date: 2020-05-27
URL: CVE-2020-13631
### CVSS 3 Score Details (5.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631
Release Date: 2020-05-27
Fix Resolution: 3.32.0
CVE-2020-13632
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability Detailsext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Publish Date: 2020-05-27
URL: CVE-2020-13632
### CVSS 3 Score Details (5.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632
Release Date: 2020-05-27
Fix Resolution: 3.32.0
CVE-2020-13434
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsSQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
Publish Date: 2020-05-24
URL: CVE-2020-13434
### CVSS 3 Score Details (5.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434
Release Date: 2020-05-24
Fix Resolution: 3.32.1
CVE-2020-13435
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability DetailsSQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Publish Date: 2020-05-24
URL: CVE-2020-13435
### CVSS 3 Score Details (5.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435
Release Date: 2020-05-24
Fix Resolution: 3.32.1
CVE-2019-19645
### Vulnerable Library - sqlite-amalgamation3.25.3SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/sqlite/sqlite3.c
/release/src/router/sqlite/sqlite3.c
### Vulnerability Detailsalter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
Publish Date: 2019-12-09
URL: CVE-2019-19645
### CVSS 3 Score Details (5.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645
Release Date: 2019-12-09
Fix Resolution: 3.31.0