Name    Description

CVE-2019-9937 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937>
    In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

CVE-2019-9936 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936>
    In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

CVE-2019-5827 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827>
    Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-3784 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3784>
    Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.

CVE-2019-16168 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168>
    In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

CVE-2019-10752 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10752>
    Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.

CVE-2018-8740 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740>
    In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

CVE-2018-7774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7774>
    The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.
________________________________
From: sqlite-users <sqlite-users-boun...@mailinglists.sqlite.org> on behalf of Kees Nuyt <k.n...@zonnet.nl>
Sent: Thursday, November 21, 2019 09:51 AM
To: sqlite-users@mailinglists.sqlite.org <sqlite-users@mailinglists.sqlite.org>
Subject: Re: [sqlite] Bug report

On Tue, 19 Nov 2019 00:19:13 -0500, you wrote:

> Hi,
>
> This is Yongheng Chen from Gatech and Rui Zhong from PSU.
> We found 7 crashes for sqlite of the newest commit
> 3842e8f166e23a1ed6e6094105e7a23502d414da.
> We have attached the samples that crash sqlite in the email.

The mailing list strips attachments.
Please insert them in the body text of your message, or mail them to Richard Hipp.

> FYI, we have also reported the bugs for CVE
> at cve.mitre.org <http://cve.mitre.org/>.

Can you tell us the CVE number?

--
Regards,
Kees Nuyt
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users