A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
Missing Release of Memory after Effective Lifetime
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/sqlite3 | deb | debian | 12 | >=3.40.1-2 | Not yet available |
| debian/sqlite | deb | debian | 10 | >=2.8.17-15 | Not yet available |
| debian/sqlite3 | deb | debian | 11 | >=3.34.1-3 | Not yet available |
| debian/sqlite3 | deb | debian | unstable | >=3.45.3-1 | Not yet available |
| debian/sqlite3 | deb | debian | 13 | >=3.45.3-1 | Not yet available |
| debian/sqlite3 | deb | debian | 10 | >=3.27.2-3+deb10u1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
2.8
2.8
BIT-2021-45346
-
BIT-sqlite-2021-45346
-
-
-