CVE-2021-45346
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-45346
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45346.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-45346
- Aliases
- Downstream
- Withdrawn
- 2022-10-31T00:00:00Z
- Published
- 2022-02-14T19:15:07Z
- Modified
- 2025-07-29T10:14:51.461377Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
- References
-
- https://github.com/guyinatuxedo/sqlite3_record_leaking
- https://security.netapp.com/advisory/ntap-20220303-0001/
- https://sqlite.org/forum/forumpost/056d557c2f8c452ed5
- https://sqlite.org/forum/forumpost/53de8864ba114bf6
- https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves
- https://security-tracker.debian.org/tracker/CVE-2021-45346
Affected packages
Debian:11 / sqlite3
Package
- Name
- sqlite3
- Purl
- pkg:deb/debian/sqlite3?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.34.1-3
3.34.1-3+deb11u1
3.35.5-1
3.36.0-1
3.36.0-2
3.37.0-1
3.37.0-2
3.37.1-1
3.37.2-1
3.37.2-2
3.38.0-1
3.38.1-1
3.38.2-1
3.38.3-1
3.38.5-1
3.39.0-1
3.39.0-2
3.39.0-3
3.39.1-1
3.39.2-1
3.39.3-1
3.39.4-1
3.40.0-1
3.40.0-2
3.40.1-1
3.40.1-2
3.42.0-1
3.43.0-1
3.43.1-1
3.43.2-1
3.44.0-1
3.44.2-1
3.45.0-1
3.45.1-1
3.45.2-1
3.45.3-1
3.45.3-2~exp1
3.46.0-1
3.46.1-1
3.46.1-2~exp
3.46.1-2
3.46.1-3
3.46.1-4
3.46.1-5
3.46.1-6
3.46.1-7
Debian:12 / sqlite3
Package
- Name
- sqlite3
- Purl
- pkg:deb/debian/sqlite3?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / sqlite3
Package
- Name
- sqlite3
- Purl
- pkg:deb/debian/sqlite3?arch=source
Git / github.com/sqlite/sqlite
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sqlite/sqlite
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
Affected versions
Other
cvs-to-fossil-cutover
experimental
fts3-refactor
same-as-3.*
same-as-3.35.3
version-3.*
version-3.10.0
version-3.11.0
version-3.11.1
version-3.12.0
version-3.13.0
version-3.14.0
version-3.15.0
version-3.16.0
version-3.19.0
version-3.19.1
version-3.19.2
version-3.21.0
version-3.22.0
version-3.23.0
version-3.23.1
version-3.24.0
version-3.25.0
version-3.26.0
version-3.27.0
version-3.28.0
version-3.29.0
version-3.30.0
version-3.31.0
version-3.31.1
version-3.32.0
version-3.32.1
version-3.33.0
version-3.34.0
version-3.35.0
version-3.35.1
version-3.35.2
version-3.36.0
version-3.37.0
version-3.6.10
version-3.6.15
version-3.7.10
version-3.7.11
version-3.7.12
version-3.7.12.1
version-3.7.13
version-3.7.14
version-3.7.15
version-3.7.16
version-3.7.16.1
version-3.7.16.2
version-3.7.17
version-3.7.2
version-3.7.4
version-3.7.5
version-3.7.6
version-3.7.6.1
version-3.7.7
version-3.7.8
version-3.7.9
version-3.8.0
version-3.8.1
version-3.8.10
version-3.8.10.1
version-3.8.11
version-3.8.11.1
version-3.8.2
version-3.8.3
version-3.8.4
version-3.8.4.1
version-3.8.5
version-3.8.6
version-3.8.7
version-3.8.7.1
version-3.8.8
version-3.8.9
version-3.9.0
version-3.9.1