pkg:Debian/sqlite3
73 total CVEsCRITICAL13HIGH35MEDIUM18
✅ Check your installed version
All known vulnerabilities
- from 0
- from 0, < 3.46.1-3
- CRITICAL9.8CVE-2020-35527In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.from 0, < 3.32.0-1
- CRITICAL9.8CVE-2020-11656In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a comp…from 0, < 3.32.0-1
- CRITICAL9.8CVE-2019-8457SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree…from 0, < 3.27.2-3
- from 0, < 3.8.7.1-1+deb8u4
- from 0, < 3.19.3-3
- from 0, < 3.7.13-1+deb7u4
- from 0, < 3.16.2-1
- from 0, < 3.16.0-1
- from 0, < 3.15.2-1
- from 0, < 3.15.2-1
- CRITICAL9.1CVE-2025-7458SQLite integer overflow in key info allocation may lead to information disclosure.from 0
- HIGH8.8CVE-2019-5827Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corrupt…from 0, < 3.27.2-3
- HIGH8.1CVE-2019-5018An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0.from 0, < 3.27.2-3
- HIGH8.1CVE-2018-20506SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries i…from 0, < 3.25.3-1
- from 0, < 3.8.7.1-1+deb8u3
- from 0, < 3.25.3-1
- from 0, < 3.16.2-5+deb9u2
- HIGH7.5CVE-2025-70873An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to o…from 0
- HIGH7.5CVE-2025-52099Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside func…from 0
- HIGH7.5CVE-2025-29087In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-alloc…from 0, < 3.46.1-3
- HIGH7.5CVE-2021-31239An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.from 0, < 3.36.0-2
- from 0, < 3.27.2-3+deb10u2
- from 0, < 3.32.0-1
- from 0
- from 0, < 3.34.1-3+deb11u1
- from 0, < 3.34.1-3+deb11u1
- HIGH7.5CVE-2020-13871SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.from 0, < 3.32.2-2
- from 0, < 3.31.1-5
- from 0, < 3.8.7.1-1+deb8u5
- HIGH7.5CVE-2020-9327In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generate…from 0, < 3.31.1-3
- HIGH7.5CVE-2019-19959ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, l…from 0, < 3.30.1+fossil191229-1
- from 0, < 3.30.1+fossil191229-1
- from 0, < 3.16.2-5+deb9u3
- HIGH7.5CVE-2019-19925zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.from 0, < 3.30.1+fossil191229-1
- HIGH7.5CVE-2019-19923flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side…from 0, < 3.30.1+fossil191229-1
- from 0, < 3.30.1+fossil191229-1
- HIGH7.5CVE-2019-19603SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.from 0, < 3.30.1+fossil191229-1
- HIGH7.5CVE-2019-19244sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORD…from 0, < 3.30.1+fossil191229-1
- HIGH7.5CVE-2018-20505SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (applicat…from 0, < 3.25.3-1
- HIGH7.5CVE-2019-9937In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference…from 0, < 3.27.2-2
- HIGH7.5CVE-2019-9936In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqli…from 0, < 3.27.2-2
- HIGH7.5CVE-2018-8740In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, rel…from 0, < 3.22.0-2
- HIGH7.5CVE-2017-15286SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(p…from 0, < 3.20.1-2
- HIGH7.3CVE-2023-7104SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflowfrom 0, < 3.34.1-3+deb11u1
- HIGH7.3CVE-2022-46908SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctio…from 0, < 3.40.0-2
- HIGH7.0CVE-2020-13630ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.from 0, < 3.32.0-1
- MEDIUM6.5CVE-2019-16168In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a s…from 0, < 3.29.0-2
- MEDIUM5.9CVE-2019-19242SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.from 0, < 3.30.1+fossil191229-1
- from 0, < 3.7.13-1+deb7u3
- from 0, < 3.13.0-1
- MEDIUM5.5CVE-2025-29088In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (applica…from 0
- from 0, < 3.43.2-1
- MEDIUM5.5CVE-2020-24736Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted scrip…from 0, < 3.27.2-1
- from 0, < 3.34.1-1
- MEDIUM5.5CVE-2020-15358In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse…from 0, < 3.32.3-1
- MEDIUM5.5CVE-2020-13632ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.from 0, < 3.32.0-1
- MEDIUM5.5CVE-2020-13631SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.from 0, < 3.32.0-1
- MEDIUM5.5CVE-2020-13435SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.from 0, < 3.32.1-1
- from 0, < 3.32.1-1
- from 0, < 3.8.7.1-1+deb8u6
- MEDIUM5.5CVE-2019-19645alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction…from 0, < 3.30.1+fossil191229-1
- MEDIUM5.5CVE-2017-13685The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via…from 0, < 3.20.1-1
- MEDIUM5.3CVE-2019-19924SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c.from 0, < 3.30.1+fossil191229-1
- MEDIUM4.3CVE-2021-45346A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Da…from 0
- from 0
- —CVE-2013-7443Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL…from 0, < 3.8.3-1
- from 0, < 3.7.13-1+deb7u2
- from 0, < 3.8.9-1
- —CVE-2015-3415The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-depend…from 0, < 3.8.9-1
- from 0, < 3.8.9-1
- from 0, < 3.8.7.1-1+deb8u1