summaryrefslogtreecommitdiffstats
path: root/www/cves.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:07:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:07:11 +0000
commit63847496f14c813a5d80efd5b7de0f1294ffe1e3 (patch)
tree01c7571c7c762ceee70638549a99834fdd7c411b /www/cves.html
parentInitial commit. (diff)
downloadsqlite3-63847496f14c813a5d80efd5b7de0f1294ffe1e3.tar.xz
sqlite3-63847496f14c813a5d80efd5b7de0f1294ffe1e3.zip
Adding upstream version 3.45.1.upstream/3.45.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'www/cves.html')
-rw-r--r--www/cves.html783
1 files changed, 783 insertions, 0 deletions
diff --git a/www/cves.html b/www/cves.html
new file mode 100644
index 0000000..7d1714b
--- /dev/null
+++ b/www/cves.html
@@ -0,0 +1,783 @@
+<!DOCTYPE html>
+<html><head>
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<link href="sqlite.css" rel="stylesheet">
+<title>Vulnerabilities</title>
+<!-- path= -->
+</head>
+<body>
+<div class=nosearch>
+<a href="index.html">
+<img class="logo" src="images/sqlite370_banner.gif" alt="SQLite" border="0">
+</a>
+<div><!-- IE hack to prevent disappearing logo --></div>
+<div class="tagline desktoponly">
+Small. Fast. Reliable.<br>Choose any three.
+</div>
+<div class="menu mainmenu">
+<ul>
+<li><a href="index.html">Home</a>
+<li class='mobileonly'><a href="javascript:void(0)" onclick='toggle_div("submenu")'>Menu</a>
+<li class='wideonly'><a href='about.html'>About</a>
+<li class='desktoponly'><a href="docs.html">Documentation</a>
+<li class='desktoponly'><a href="download.html">Download</a>
+<li class='wideonly'><a href='copyright.html'>License</a>
+<li class='desktoponly'><a href="support.html">Support</a>
+<li class='desktoponly'><a href="prosupport.html">Purchase</a>
+<li class='search' id='search_menubutton'>
+<a href="javascript:void(0)" onclick='toggle_search()'>Search</a>
+</ul>
+</div>
+<div class="menu submenu" id="submenu">
+<ul>
+<li><a href='about.html'>About</a>
+<li><a href='docs.html'>Documentation</a>
+<li><a href='download.html'>Download</a>
+<li><a href='support.html'>Support</a>
+<li><a href='prosupport.html'>Purchase</a>
+</ul>
+</div>
+<div class="searchmenu" id="searchmenu">
+<form method="GET" action="search">
+<select name="s" id="searchtype">
+<option value="d">Search Documentation</option>
+<option value="c">Search Changelog</option>
+</select>
+<input type="text" name="q" id="searchbox" value="">
+<input type="submit" value="Go">
+</form>
+</div>
+</div>
+<script>
+function toggle_div(nm) {
+var w = document.getElementById(nm);
+if( w.style.display=="block" ){
+w.style.display = "none";
+}else{
+w.style.display = "block";
+}
+}
+function toggle_search() {
+var w = document.getElementById("searchmenu");
+if( w.style.display=="block" ){
+w.style.display = "none";
+} else {
+w.style.display = "block";
+setTimeout(function(){
+document.getElementById("searchbox").focus()
+}, 30);
+}
+}
+function div_off(nm){document.getElementById(nm).style.display="none";}
+window.onbeforeunload = function(e){div_off("submenu");}
+/* Disable the Search feature if we are not operating from CGI, since */
+/* Search is accomplished using CGI and will not work without it. */
+if( !location.origin || !location.origin.match || !location.origin.match(/http/) ){
+document.getElementById("search_menubutton").style.display = "none";
+}
+/* Used by the Hide/Show button beside syntax diagrams, to toggle the */
+function hideorshow(btn,obj){
+var x = document.getElementById(obj);
+var b = document.getElementById(btn);
+if( x.style.display!='none' ){
+x.style.display = 'none';
+b.innerHTML='show';
+}else{
+x.style.display = '';
+b.innerHTML='hide';
+}
+return false;
+}
+var antiRobot = 0;
+function antiRobotGo(){
+if( antiRobot!=3 ) return;
+antiRobot = 7;
+var j = document.getElementById("mtimelink");
+if(j && j.hasAttribute("data-href")) j.href=j.getAttribute("data-href");
+}
+function antiRobotDefense(){
+document.body.onmousedown=function(){
+antiRobot |= 2;
+antiRobotGo();
+document.body.onmousedown=null;
+}
+document.body.onmousemove=function(){
+antiRobot |= 2;
+antiRobotGo();
+document.body.onmousemove=null;
+}
+setTimeout(function(){
+antiRobot |= 1;
+antiRobotGo();
+}, 100)
+antiRobotGo();
+}
+antiRobotDefense();
+</script>
+<div class=fancy>
+<div class=nosearch>
+<div class="fancy_title">
+Vulnerabilities
+</div>
+<div class="fancy_toc">
+<a onclick="toggle_toc()">
+<span class="fancy_toc_mark" id="toc_mk">&#x25ba;</span>
+Table Of Contents
+</a>
+<div id="toc_sub"><div class="fancy-toc1"><a href="#executive_summary">1. Executive Summary</a></div>
+<div class="fancy-toc1"><a href="#about_cves">2. About CVEs</a></div>
+<div class="fancy-toc2"><a href="#a_separate_sql_injection_vulnerability_is_usually_required">2.1. A separate SQL injection vulnerability is usually required</a></div>
+<div class="fancy-toc2"><a href="#defense_against_dark_arts">2.2. Defense Against Dark Arts</a></div>
+<div class="fancy-toc2"><a href="#the_sqlite_developer_policy_toward_cves">2.3. The SQLite Developer Policy Toward CVEs</a></div>
+<div class="fancy-toc1"><a href="#status_of_recent_sqlite_cves">3. Status Of Recent SQLite CVEs</a></div>
+</div>
+</div>
+<script>
+function toggle_toc(){
+var sub = document.getElementById("toc_sub")
+var mk = document.getElementById("toc_mk")
+if( sub.style.display!="block" ){
+sub.style.display = "block";
+mk.innerHTML = "&#x25bc;";
+} else {
+sub.style.display = "none";
+mk.innerHTML = "&#x25ba;";
+}
+}
+</script>
+</div>
+
+
+
+
+
+<h1 id="executive_summary"><span>1. </span>Executive Summary</h1>
+
+<ul>
+<li><p>
+CVEs about SQLite probably do not apply to your use of SQLite.
+
+</p></li><li><p>
+All historical vulnerabilities reported against SQLite require at least
+one of these preconditions:
+</p><ol type="1">
+<li><p>
+The attacker can submit and run arbitrary SQL statements.
+</p></li><li><p>
+The attacker can submit a maliciously crafted database file to the
+application that the application will then open and query.
+</p></li></ol>
+
+</li><li><p>
+Few real-world applications meet either of these preconditions, and hence
+few real-world applications are vulnerable, even if they use older
+and unpatched versions of SQLite.
+
+</p></li><li><p>
+The SQLite development team fixes bugs promptly,
+usually within hours of discovery. New releases of SQLite
+are issued if the bug seems likely to impact real-world
+applications.
+
+</p></li><li><p>
+Grey-hat hackers are rewarded based on the number and severity of
+CVEs that they write. This results in a proliferation of CVEs that
+have minor impact, or no impact at all, but which make
+exaggerated impact claims.
+
+</p></li><li><p><a name="notnew"></a>
+Very few CVEs written about SQLite are real vulnerabilities in the
+sense that they do not give any new capabilities to an attacker.
+Consider:
+</p><ol type="a">
+<li><p>
+ Almost all CVEs written against SQLite require the ability to
+ inject and run arbitrary SQL.
+</p></li><li><p>
+ The advertised consequence of most CVEs is "denial of service",
+ typically by causing a crash through a NULL pointer dereference or
+ a division by zero, or similar.
+</p></li><li><p>
+ But if an attacker can already run
+ arbitrary SQL, they do not need a bug to cause a denial of service.
+ There are plenty of perfectly legal and valid SQL statements
+ that will consume unlimited CPU, memory, and disk I/O in order
+ to create a denial-of-service without requiring help from bugs.
+</p></li><li><p>
+ Hence, the mere fact that an attacker has a way to inject and run
+ arbitrary SQL is in and of itself a denial-of-service attack. That
+ the arbitrary SQL might also tickle a bug in SQLite and cause a
+ crash is not a new vulnerability.
+</p></li></ol>
+
+</li><li><p>
+The SQLite developers do not write CVEs. Any CVEs you find on
+SQLite are generated by third-parties, often without any input from the
+core developers. A common scenario is that someone will report a bug in
+SQLite, which will promptly be fixed, then weeks later a CVE for that bug will
+appear, unbeknownst to the developers.
+
+</p></li><li><p>
+You should not assume that a CVE about
+SQLite contains authoritative information.
+CVEs often contain inaccuracies.
+The SQLite developers have attempted to add clarifications and
+corrections to CVEs about SQLite.
+
+</p></li></ul>
+
+<h1 id="about_cves"><span>2. </span>About CVEs</h1>
+
+<p>CVEs ("Common Vulnerabilities and Exposures") are reports of software
+bugs that might allow a system to be hacked. The idea
+behind CVEs is sound. They provide a common naming scheme whereby
+software bugs that might compromise information security can be easily
+tracked.
+
+</p><p>While the original idea being CVEs is sound, the current processes for
+creating and managing CVEs are inadequate. There are countless grey-hat
+hackers running fuzzers against a wide-variety of open-source software
+products (SQLite as well as many others) and writing up CVEs against
+any problems they find. The grey-hats are rewarded, sometimes with
+prestige and sometimes financially, by the number and severity of
+the CVEs they write. This incentive results in a proliferation
+of CVEs which are often not well-vetted and which can have exaggerated
+impact claims. The quality-control procedures for CVEs are unable
+to cope with this flood of inputs, making it difficult to correct
+exaggerated, misleading, omitted, or inaccurate claims.
+
+</p><p>This is not to say that CVEs are useless. CVEs do still (mostly)
+report actual bugs. But in most cases the bugs are not true vulnerabilities,
+in the sense that they do not contribute to data loss or compromise
+in and of themselves.
+It is good that bugs are reported and fixed. But not every bug is
+accessible from every application. In the case of SQLite, most of the
+bugs reported by CVEs are inaccessible in most applications. Upgrading
+to the latest version of SQLite is always a good plan, but it need not
+be an emergency just because an anonymous grey-hat on the internet
+wrote up a CVE.
+
+</p><h2 id="a_separate_sql_injection_vulnerability_is_usually_required"><span>2.1. </span>A separate SQL injection vulnerability is usually required</h2>
+
+<p>
+Other C-libraries that process complex structured inputs will
+routinely be asked to deal with unvetted inputs from untrusted
+sources. Libraries like libjpeg, or libzip, or OpenSSL are
+handed input streams that come directly from potentially hostile
+agents.
+
+</p><p>
+But database engines like SQLite are usually not this way.
+The SQL scripts that are passed into SQLite come from the
+(trusted) application itself, not from an attacker. Sometimes
+applications contain bugs by which an external attacker can
+trick the application into sending SQL of the attackers design
+into the database engine. This is a separate bug in the
+application called an
+<a href="https://en.wikipedia.org/wiki/SQL_injection">SQL Injection
+vulnerability</a>. Since SQL text is executable code, an
+SQL Injection vulnerability is actually a special case of a
+<a href="https://en.wikipedia.org/wiki/Arbitrary_code_execution">Remote
+Code Execution (RCE) vulnerability</a>. An SQL Injection is perhaps not
+quite as bad as other kinds of RCEs because,
+while SQL is a powerful language, it is not as convenient
+for crafting an exploit as Python or shell script or raw machine code.
+Nevertheless, an SQL Injection is a serious problem.
+
+</p><p>
+Most CVEs written about SQLite assume that the attacker is
+able to run arbitrary SQL scripts in SQLite. In most applications,
+this means that there must first be an SQL Injection vulnerability
+that allows the attacker to inject the malicious SQL.
+
+</p><p>
+A few applications do allow untrusted SQL scripts received from
+potentially hostile agents to be run direct in SQLite. The main
+example of this is the Chrome and Safari web browsers, which allow
+an anonymous web page to run SQL using the WebSQL feature of Javascript.
+This is done inside a sandbox with tightly controlled constraints on
+resources, lest the SQL script try to soak up all available memory
+or CPU cycles in a denial-of-service attack. Chrome and Safari
+have the infrastructure in place to allow a hostile agent to run
+code which does not harm or compromise the rest of the machine.
+They have to, as they also run Javascript which could, if not
+tightly controlled, do even more damage than unrestrained SQL.
+Apart from Chrome and Safari, no applications known to the
+SQLite developers deliberately allows an anonymous remote agent
+to run arbitrary SQL text.
+
+</p><p>However, most CVEs written against SQLite flippantly assume
+that an attacker is free to run any arbitrary SQL in the database
+engine. So to a good approximation, this means most CVEs
+written against SQLite really only apply to SQLite as it is
+used in Chrome and Safari. Or, in other words, most CVEs
+for SQLite do not apply to you unless you are one of the
+developers of Chrome or Safari.
+
+</p><h2 id="defense_against_dark_arts"><span>2.2. </span>Defense Against Dark Arts</h2>
+
+<p>
+Most applications can use SQLite without having to worry about
+bugs in obscure SQL inputs. If the application controls
+the SQL, and the application is not deliberately trying to break
+SQLite, then everything should just work.
+It is not necessary to have the latest patched version of SQLite.
+Any older version should work just fine.
+
+</p><p>
+However, there are some occasions where an application does need
+to be able to safely run untrusted SQL. The SQLite developers work hard
+to make SQLite safe for this purpose, though there are occasional
+slip-ups. It is good to keep up-to-date with the latest patches
+in this case. The separate <a href="security.html">defense against dark arts</a> document
+contains additional suggestions that can help prevent zero-day
+attacks in cases where SQLite is given inputs that come directly
+from untrusted sources.
+
+</p><h2 id="the_sqlite_developer_policy_toward_cves"><span>2.3. </span>The SQLite Developer Policy Toward CVEs</h2>
+
+<p>SQLite developers fix all bugs in SQLite as soon as they are reported,
+usually within a few hours. The fixes are immediately available on the
+<a href="https://sqlite.org/src/timeline">public SQLite source tree</a>.
+If a bug seems like it might cause problems for existing applications,
+a new patch release for SQLite will be issued.
+
+</p><p>However, the SQLite developers do not track CVEs. There are
+various reasons for this:
+
+</p><ol>
+<li><p>
+The developers often do not find out about CVEs until long after the
+bug is fixed. You can see this by the fact that many CVEs reference the
+bug fix in their initial report.
+
+</p></li><li><p>
+CVEs are a low-quality source of information about bugs in SQLite
+that are likely to affect most applications.
+
+</p></li><li><p>
+Almost all bugs reported by CVEs are just bugs and not
+true vulnerabilities. Claiming that they are vulnerabilities is
+stretching the meaning of the word "vulnerability" and the SQLite
+developers do not wish to participate in that deception.
+
+</p></li><li><p>
+The developers have no editorial influence on the content of CVEs,
+and they do not like to be controlled by groups in which they have
+no voice.
+</p></li></ol>
+
+
+<a name="cvetab"></a>
+
+<h1 id="status_of_recent_sqlite_cves"><span>3. </span>Status Of Recent SQLite CVEs</h1>
+
+<p>Though the SQLite developers do not consider CVEs to be a reliable
+source of information about bugs in SQLite, they recognize that many
+groups, and especially small teams working at the bottom of tall
+bureaucracies, sometimes need to track CVEs, whether they are useful
+or not. To aid in this chore, the following table of recent CVEs
+affecting SQLite is provided.
+
+</p><p>If you notice new CVEs associated with SQLite that are not in
+the table below, please bring them to the attention of the developers
+on the <a href="https://sqlite.org/forum/about">SQLite Forum</a> so they can
+be added.
+
+</p><table border="1" cellpadding="5" cellspacing="0" style="margin-left:5ex;">
+<thead>
+<tr>
+<th valign="bottom">CVE Number</th>
+<th valign="bottom">Fix</th>
+<th valign="bottom">Comments</th>
+</tr>
+</thead>
+<tbody>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2024-0232'>CVE-2024-0232</a>
+</td>
+<td valign='top'><a href="releaselog/3_43_2.html">3.43.2</a><br>(2023-10-10)</td>
+<td valign='top'>An attacker that can inject arbitrary SQL statements into an application
+ might be able to provoke a use-after-free bug in SQLite's JSON parser that
+ can (in theory) lead to an application crash and denial of service. See
+ <a href="https://sqlite.org/forum/forumpost/b25edc1d4662ebca">forum thread b25edc1d4662</a>
+ for the bug report.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2023-32697'>CVE-2023-32697</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This is a bug in the SQLite JDBC library, which is a wrapper library that
+ provides access to SQLite from Java. SQLite JDBC is created and maintained
+ independently from SQLite. Despite the use of "SQLite" in the name, the
+ SQLite JDBC library is not affiliated with the SQLite project in any way.
+ The vulnerability identified by this CVE is in the separate SQLite JDBC
+ wrapper library and does not affect SQLite itself.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2023-39939'>CVE-2023-39939</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This is not a bug in SQLite. This is an
+ <a href="https://en.wikipedia.org/wiki/SQL_injection">SQL injection bug</a> in an application
+ (LuxCal Web Calendar) that links against SQLite.
+ Even though this CVE is not about SQLite, "SQLite" is
+ mentioned in the description and so we list it here.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2023-39543'>CVE-2023-39543</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This is not a bug in SQLite. This is an
+ <a href="https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting">XSS vulnerability</a>
+ in a separate application (LuxCal Web Calendar) that links against
+ SQLite. The bug is in the application, not in SQLite. However "SQLite" is
+ mentioned in the description and so we list it here.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2023-7104'>CVE-2023-7104</a>
+</td>
+<td valign='top'><a href="releaselog/3_43_2.html">3.43.2</a><br>(2023-10-10)</td>
+<td valign='top'>This is a bug in the <a href="sessionintro.html">session extension</a> of SQLite, not in the SQLite core.
+ This bug is only reachable by applications that recompile SQLite using the
+ <a href="compile.html#enable_session">-DSQLITE_ENABLE_SESSION</a> compile-time option and then use the Session
+ C-language APIs to process a <a href="sessionintro.html#changeset">changeset</a> that has been subtly corrupted by an
+ adversary. So this bug probably does not apply to you. See
+ <a href="https://sqlite.org/forum/forumpost/f935c4708dd528d9">forum post f935c4708dd528d9</a>
+ for additional information.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2022-46908'>CVE-2022-46908</a>
+</td>
+<td valign='top'>Not a bug in the core SQLite library</td>
+<td valign='top'>This is a bug in the --safe command-line option of the <a href="cli.html">command-line shell</a>
+ program that is available for accessing SQLite database files. The bug does
+ not exist in the SQLite library. Nor is it an issue for the <a href="cli.html">CLI</a> as long as
+ the user does not depend on the --safe option. It is not serious. It is
+ debatable whether or not this is a security issue.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2022-38627'>CVE-2022-38627</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This is not a bug in SQLite. This is an
+ <a href="https://en.wikipedia.org/wiki/SQL_injection">SQL injection bug</a> in a specific
+ PHP application. In other words, the bug is in the PHP application code, not
+ in SQLite. Even though this CVE is not about SQLite, "SQLite" is
+ mentioned in the publicity about the bug and so we list it here.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2022-35737'>CVE-2022-35737</a>
+</td>
+<td valign='top'><a href="releaselog/3_39_2.html">3.39.2</a><br>(2022-07-21)</td>
+<td valign='top'>This bug is an array-bounds overflow. The bug is only accessible when using some
+ of the C-language APIs provided by SQLite. The bug cannot be reached using SQL
+ nor can it be reached by providing SQLite with a corrupt database file.
+ The bug only comes up when very long string inputs (greater than 2 billion bytes
+ in length) are provided as arguments to a few specific C-language interfaces,
+ and even then only under special circumstances.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2022-24854'>CVE-2022-24854</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This CVE describes a bug in an application that uses SQLite, not in SQLite itself.
+ SQLite is doing everything correctly. The application grants users the ability to
+ run SQL statements, using SQLite, that can leak or change information that those users
+ should not normally have access to. This is purely an application bug. It does not
+ describe a malfunction or vulnerability in SQLite.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2022-21227'>CVE-2022-21227</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This CVE describes a bug in a third-party packages that provides a binding
+ for SQLite to Node.js. The bug reported is in the third-party Node.js binding,
+ not in SQLite itself. Do not be confused by the use of the word "SQLite" in the
+ ambiguously-worded CVE description.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2021-45346'>CVE-2021-45346</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This CVE is misinformation. See the discussion around
+ <a href="https://sqlite.org/forum/forumpost/53de8864ba114bf6">SQLite forum post 53de8864ba114bf</a>.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2021-42169'>CVE-2021-42169</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This CVE has nothing whatsoever to do with SQLite. It is about a bug in
+ application that happens to use SQLite. Since SQLite is mentioned in the
+ CVE description, the CVE is included here to emphasize that
+ this is not an SQLite bug.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2021-36690'>CVE-2021-36690</a>
+</td>
+<td valign='top'>Not a bug in the core SQLite library</td>
+<td valign='top'>This bug is not in the SQLite core library, but rather in an
+ <a href="https://www.sqlite.org/src/dir?ci=trunk&name=ext/expert">
+ experimental extension</a> that is used to implement the
+ <a href="cli.html#expert">.expert command</a> in the <a href="cli.html">CLI</a>. The code that contains the bug
+ does not appear in <a href="amalgamation.html">standard SQLite builds</a>, though it
+ is included in the <a href="cli.html">sqlite3.exe command-line tool</a>.
+ Applications must link against the extra source code files that
+ implement the extension and take other deliberate actions to
+ activate the extension before the troublesome code can be run.
+ For the rare application that uses the troublesome extension,
+ the consequence of this bug is that malicious SQL can cause a
+ NULL pointer deference and denial of service.
+<a href='https://sqlite.org/forum/info/78165fa25061742f'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2021-28305'>CVE-2021-28305</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This is not a bug in SQLite. The bug is in a third-party application that
+ uses SQLite. SQLite is mentioned by name in the CVE description,
+ however, so we have included the CVE in the list.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2021-23404'>CVE-2021-23404</a>
+</td>
+<td valign='top'>Not a bug in SQLite</td>
+<td valign='top'>This is not a bug in SQLite. The bug is in a third-party application that
+ uses SQLite and includes "sqlite" in its name. This CVE is included on the
+ list because it mentions SQLite even though the bug has nothing to do
+ with SQLite.</td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2021-20227'>CVE-2021-20227</a>
+</td>
+<td valign='top'><a href="releaselog/3_34_1.html">3.34.1</a><br>(2021-01-20)</td>
+<td valign='top'>Malicious SQL statement causes read-after-free. No harm can come of this
+ particular read-after-free instance, as far as anyone knows. The bug is
+ undetectable without a memory sanitizer. The CVE
+ claims that this bug is an RCE - a Remote Code Execution
+ vulnerability, but that claim is incorrect.
+ The RCE claim is misinformation.
+<a href='https://sqlite.org/src/info/30a4c323650cc949'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2021-20223'>CVE-2021-20223</a>
+</td>
+<td valign='top'><a href="releaselog/3_34_0.html">3.34.0</a><br>(2020-12-01)</td>
+<td valign='top'>The problem identified by this CVE is <u>not</u> a vulnerability.
+ It is a malfunction. A coding error causes <a href="fts5.html">FTS5</a>
+ to sometimes return inconsistent and incorrect results under obscure circumstances,
+ but no memory errors occur.
+<a href='https://sqlite.org/src/info/b7b7bde9b7a03665'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-15358'>CVE-2020-15358</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_3.html">3.32.3</a><br>(2020-06-18)</td>
+<td valign='top'>Malicious SQL statement causes a read past the end of a heap buffer.
+<a href='https://sqlite.org/src/info/8f157e8010b22af0'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-13871'>CVE-2020-13871</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_3.html">3.32.3</a><br>(2020-06-18)</td>
+<td valign='top'>Malicious SQL statement causes a read-only use-after-free memory error.
+<a href='https://sqlite.org/src/info/c8d3b9f0a750a529'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-13632'>CVE-2020-13632</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_0.html">3.32.0</a><br>(2020-05-22)</td>
+<td valign='top'>Malicious SQL statement causes a read of a NULL pointer in the
+ <a href="fts3.html#matchinfo">matchinfo()</a> SQL function of the <a href="fts3.html">FTS3</a> extension, resulting in
+ denial of service.
+<a href='https://sqlite.org/src/info/a4dd148928ea65bd'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-13631'>CVE-2020-13631</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_0.html">3.32.0</a><br>(2020-05-22)</td>
+<td valign='top'>Malicious SQL statement (an ALTER TABLE that tries to rename a
+ <a href="vtab.html">virtual table</a> into one of its own <a href="vtab.html#xshadowname">shadow tables</a>)
+ causes an infinite loop and denial of service.
+<a href='https://sqlite.org/src/info/eca0ba2cf4c0fdf7'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-13630'>CVE-2020-13630</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_0.html">3.32.0</a><br>(2020-05-22)</td>
+<td valign='top'>Malicious SQL statement causes a read-only use-after-free,
+ possibly resulting in an incorrect output from the <a href="fts3.html#snippet">snippet()</a>
+ SQL function of the <a href="fts3.html">FTS3</a> extension. There is no known
+ way to exfiltrate data or crash the application using this bug.
+<a href='https://sqlite.org/src/info/0d69f76f0865f962'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-13435'>CVE-2020-13435</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_1.html">3.32.1</a><br>(2020-05-25)</td>
+<td valign='top'>Malicious SQL statement causes a read access to a NULL pointer and
+ denial of service.
+<a href='https://www.sqlite.org/src/info/7a5279a25c57adf1'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-13434'>CVE-2020-13434</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_1.html">3.32.1</a><br>(2020-05-25)</td>
+<td valign='top'>Malicious SQL statement involving the printf() SQL function results
+ in an integer overflow which can overwrite the stack with over 2
+ billion bytes of 0x30 or 0x20 (ASCII '0' or ' ').
+ Even though this is a stack overwrite, there is no known way to
+ redirect control or otherwise escalate the level of harm.
+ This is a denial-of-service attack only.
+<a href='https://www.sqlite.org/src/info/23439ea582241138'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-11656'>CVE-2020-11656</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_0.html">3.32.0</a><br>(2020-05-22)</td>
+<td valign='top'>Malicious SQL statement causes read-only use-after-free of memory allocation
+ if SQLite is compile with -DSQLITE_DEBUG. Does not affect release
+ builds.
+<a href='https://www.sqlite.org/src/info/4722bdab08cb1'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-11655'>CVE-2020-11655</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_0.html">3.32.0</a><br>(2020-05-22)</td>
+<td valign='top'>Malicious SQL statement causes a read using an uninitialized pointer
+ and denial-of-service.
+<a href='https://www.sqlite.org/src/info/af4556bb5c285c08'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-9327'>CVE-2020-9327</a>
+</td>
+<td valign='top'><a href="releaselog/3_32_0.html">3.32.0</a><br>(2020-05-22)</td>
+<td valign='top'>Malicious SQL statement causes a read using an uninitialized pointer
+ and denial-of-service
+<a href='https://www.sqlite.org/src/info/4374860b29383380'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2020-6405'>CVE-2020-6405</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>Malicious SQL statement causes a NULL pointer dereference and
+ denial-of-service
+<a href='https://www.sqlite.org/src/info/1bc783da63d58b05'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-20218'>CVE-2019-20218</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>Malicious SQL statement causes an uninitialized pointer read and
+ denial-of-service.
+<a href='https://www.sqlite.org/src/timeline?r=better-error-handling-1'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-19959'>CVE-2019-19959</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>Malicious SQL statement causes a NULL pointer dereference
+ in the <a href="zipfile.html">Zipfile virtual table</a> extension and
+ denial-of-service. This is only possible when the optional
+ <a href="zipfile.html">Zipfile virtual table</a> extension is deployed, which is not
+ the case in default builds.
+<a href='https://www.sqlite.org/src/info/cc0fb00a128fd077'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-19926'>CVE-2019-19926</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>Malicious SQL statement causes an uninitialized pointer read and
+ denial-of-service.
+<a href='https://www.sqlite.org/src/info/cba2a2a44cdf138a'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-19925'>CVE-2019-19925</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>Malicious SQL statement causes a NULL pointer dereference and
+ in the <a href="zipfile.html">Zipfile virtual table</a> extension and
+ denial-of-service. This is only possible when the optional
+ <a href="zipfile.html">Zipfile virtual table</a> extension is deployed, which is not
+ the case in default builds.
+<a href='https://www.sqlite.org/src/info/a80f84b511231204'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-19924'>CVE-2019-19924</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>Malicious SQL statement causes an uninitialized pointer reference and
+ denial-of-service.
+<a href='https://www.sqlite.org/src/info/e2bddcd4c55ba3cb'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-19923'>CVE-2019-19923</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>Malicious SQL statement causes a NULL pointer dereference and
+ denial-of-service.
+<a href='https://www.sqlite.org/src/info/862974312edf00e9'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-19646'>CVE-2019-19646</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>The <a href="pragma.html#pragma_integrity_check">PRAGMA integrity_check</a> command might cause the byte-code for a prepared
+ statement to loop indefinitely. This might enable a denial-of-service, if the
+ application has not taken appropriate and prudent steps
+ to limit the run-time of SQL statements. This is not a vulnerability, as there
+ are countless perfectly valid SQL queries, especially queries involving
+ <a href="lang_with.html#recursivecte">recursive common table expressions</a>, that also run essentially forever.
+<a href='https://sqlite.org/src/info/bd8c280671ba44a7'>(details)</a></td>
+</tr>
+
+<tr><td valign='top'>
+<a href='https://nvd.nist.gov/vuln/detail/CVE-2019-19317'>CVE-2019-19317</a>
+</td>
+<td valign='top'><a href="releaselog/3_31_0.html">3.31.0</a><br>(2020-01-22)</td>
+<td valign='top'>This CVE identifies a bug in a development check-in of
+ SQLite. The bug never appeared in any official SQLite release.
+<a href='https://www.sqlite.org/src/info/6601da58032d18ae'>(details)</a></td>
+</tr>
+
+
+</tbody>
+</table>
+<p align="center"><small><i>This page last modified on <a href="https://sqlite.org/docsrc/honeypot" id="mtimelink" data-href="https://sqlite.org/docsrc/finfo/pages/cves.in?m=c03e1c6ed6">2024-01-16 16:06:37</a> UTC </small></i></p>
+