Memory Leak Affecting sqlite3 package, versions *


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
0.28% (69th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Memory Leak vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN9-SQLITE3-2407041
  • published19 Feb 2022
  • disclosed14 Feb 2022

Introduced: 14 Feb 2022

CVE-2021-45346  (opens in a new tab)
CWE-401  (opens in a new tab)

How to fix?

There is no fixed version for Debian:9 sqlite3.

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.

CVSS Scores

version 3.1