Package sqlite3 updated to version 3.36.0-alt2 for branch c9f2 in task 289924.

Published: 2021-02-05

BDU:2021-01135

Уязвимость функции SELECT системы управления базами данных SQLite, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

References:

CVE-2021-20227

Published: 2021-07-07

BDU:2021-05231

Уязвимость функции idxGetTableInfo компонента командной строки встраиваемой СУБД SQLite, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2021-36690

Published: 2021-03-23
Modified: 2024-11-21

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2021-08-24
Modified: 2024-11-21

CVE-2021-36690

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

No data currently available.

sqlite3: обновить до 3.35.2

Version: 2.1.0

Package sqlite3 update in c9f2 on 2021-11-22

ALT-PU-2021-3336-1

Closed vulnerabilities

BDU:2021-01135

BDU:2021-05231

CVE-2021-20227

CVE-2021-36690

OVE-20211020-0001

Closed bugs

Bug #39823