Chiencc / asuswrt-gt-ac5300


sqlite-amalgamation3.25.3: 12 vulnerabilities (highest severity is: 9.8) - autoclosed #86

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago

Vulnerable Library - sqlite-amalgamation3.25.3

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.

Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (2)

/release/src/router/sqlite/sqlite3.c /release/src/router/sqlite/sqlite3.c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (sqlite-amalgamation3.25.3 version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2019-19646 | Critical | 9.8 | sqlite-amalgamation3.25.3 | Direct | 3.31.0 | |
| CVE-2020-11656 | Critical | 9.8 | sqlite-amalgamation3.25.3 | Direct | version-3.32.0 | |
| CVE-2019-8457 | Critical | 9.8 | sqlite-amalgamation3.25.3 | Direct | 3.28.0 | |
| CVE-2018-20505 | High | 7.5 | sqlite-amalgamation3.25.3 | Direct | 3.26.0 | |
| CVE-2020-11655 | High | 7.5 | sqlite-amalgamation3.25.3 | Direct | 3.32.3 | |
| CVE-2020-13630 | High | 7.0 | sqlite-amalgamation3.25.3 | Direct | 3.32.0 | |
| CVE-2019-16168 | Medium | 6.5 | sqlite-amalgamation3.25.3 | Direct | 3.30.0 | |
| CVE-2020-13631 | Medium | 5.5 | sqlite-amalgamation3.25.3 | Direct | 3.32.0 | |
| CVE-2020-13632 | Medium | 5.5 | sqlite-amalgamation3.25.3 | Direct | 3.32.0 | |
| CVE-2020-13434 | Medium | 5.5 | sqlite-amalgamation3.25.3 | Direct | 3.32.1 | |
| CVE-2020-13435 | Medium | 5.5 | sqlite-amalgamation3.25.3 | Direct | 3.32.1 | |
| CVE-2019-19645 | Medium | 5.5 | sqlite-amalgamation3.25.3 | Direct | 3.31.0 | |

Details

CVE-2019-19646

### Vulnerable Library - sqlite-amalgamation3.25.3

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.

Library home page: https://www.sqlite.org/?wsslib=sqlite-amalgamation

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/sqlite/sqlite3.c /release/src/router/sqlite/sqlite3.c

### Vulnerability Details

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

Publish Date: 2019-12-09

URL: CVE-2019-19646

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19646

Release Date: 2019-12-09

Fix Resolution: 3.31.0

CVE-2020-11656

### Vulnerability Details

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Publish Date: 2020-04-09

URL: CVE-2020-11656

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Release Date: 2020-04-09

Fix Resolution: version-3.32.0

CVE-2019-8457

### Vulnerability Details

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Publish Date: 2019-05-30

URL: CVE-2019-8457

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://www.sqlite.org/releaselog/3_28_0.html

Release Date: 2019-05-30

Fix Resolution: 3.28.0

CVE-2018-20505

### Vulnerability Details

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Publish Date: 2019-04-03

URL: CVE-2018-20505

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://www.sqlite.org/releaselog/3_26_0.html

Release Date: 2019-04-03

Fix Resolution: 3.26.0

CVE-2020-11655

### Vulnerability Details

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

Publish Date: 2020-04-09

URL: CVE-2020-11655

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Release Date: 2020-04-09

Fix Resolution: 3.32.3

CVE-2020-13630

### Vulnerability Details

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Publish Date: 2020-05-27

URL: CVE-2020-13630

### CVSS 3 Score Details (7.0)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630

Release Date: 2020-05-27

Fix Resolution: 3.32.0

CVE-2019-16168

### Vulnerability Details

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Publish Date: 2019-09-09

URL: CVE-2019-16168

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62

Release Date: 2019-09-09

Fix Resolution: 3.30.0

CVE-2020-13631

### Vulnerability Details

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

Publish Date: 2020-05-27

URL: CVE-2020-13631

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631

Release Date: 2020-05-27

Fix Resolution: 3.32.0

CVE-2020-13632

### Vulnerability Details

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

Publish Date: 2020-05-27

URL: CVE-2020-13632

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632

Release Date: 2020-05-27

Fix Resolution: 3.32.0

CVE-2020-13434

### Vulnerability Details

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Publish Date: 2020-05-24

URL: CVE-2020-13434

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434

Release Date: 2020-05-24

Fix Resolution: 3.32.1

CVE-2020-13435

### Vulnerability Details

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

Publish Date: 2020-05-24

URL: CVE-2020-13435

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435

Release Date: 2020-05-24

Fix Resolution: 3.32.1

CVE-2019-19645

### Vulnerability Details

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

Publish Date: 2019-12-09

URL: CVE-2019-19645

### CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645

Release Date: 2019-12-09

Fix Resolution: 3.31.0

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #87

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #87