There are 5 open security issues in buster.
1 issue left for the package maintainer to handle:
- CVE-2021-45346:
(needs triaging)
A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information..
You can find information about how to handle this issue in the security team's documentation.
4 ignored issues:
- CVE-2019-19603:
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
- CVE-2019-19645:
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
- CVE-2019-19924:
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
- CVE-2020-13631:
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/s/sqlite3.png){kind=link}