SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.37.2-2ubuntu0.6"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.37.2-2ubuntu0.6"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.37.2-2ubuntu0.6"
},
{
"binary_name": "sqlite3",
"binary_version": "3.37.2-2ubuntu0.6"
},
{
"binary_name": "sqlite3-tools",
"binary_version": "3.37.2-2ubuntu0.6"
}
]
}{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3.45.1-1ubuntu2.6",
"binary_name": "lemon"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.45.1-1ubuntu2.6"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.45.1-1ubuntu2.6"
},
{
"binary_version": "3.45.1-1ubuntu2.6",
"binary_name": "sqlite3"
},
{
"binary_name": "sqlite3-tools",
"binary_version": "3.45.1-1ubuntu2.6"
}
]
}{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3.46.1-8ubuntu0.1",
"binary_name": "lemon"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.46.1-8ubuntu0.1"
},
{
"binary_name": "libsqlite3-ext-csv",
"binary_version": "3.46.1-8ubuntu0.1"
},
{
"binary_name": "libsqlite3-ext-icu",
"binary_version": "3.46.1-8ubuntu0.1"
},
{
"binary_version": "3.46.1-8ubuntu0.1",
"binary_name": "libsqlite3-tcl"
},
{
"binary_name": "sqlite3",
"binary_version": "3.46.1-8ubuntu0.1"
},
{
"binary_name": "sqlite3-tools",
"binary_version": "3.46.1-8ubuntu0.1"
}
]
}{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.46.1-9ubuntu0.1"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.46.1-9ubuntu0.1"
},
{
"binary_name": "libsqlite3-ext-csv",
"binary_version": "3.46.1-9ubuntu0.1"
},
{
"binary_name": "libsqlite3-ext-icu",
"binary_version": "3.46.1-9ubuntu0.1"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.46.1-9ubuntu0.1"
},
{
"binary_version": "3.46.1-9ubuntu0.1",
"binary_name": "sqlite3"
},
{
"binary_name": "sqlite3-tools",
"binary_version": "3.46.1-9ubuntu0.1"
}
]
}{
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.8.2-1ubuntu2.2+esm5"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.8.2-1ubuntu2.2+esm5"
},
{
"binary_version": "3.8.2-1ubuntu2.2+esm5",
"binary_name": "libsqlite3-tcl"
},
{
"binary_name": "sqlite3",
"binary_version": "3.8.2-1ubuntu2.2+esm5"
}
]
}{
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.11.0-1ubuntu1.5+esm3"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.11.0-1ubuntu1.5+esm3"
},
{
"binary_version": "3.11.0-1ubuntu1.5+esm3",
"binary_name": "libsqlite3-tcl"
},
{
"binary_name": "sqlite3",
"binary_version": "3.11.0-1ubuntu1.5+esm3"
}
]
}{
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.22.0-1ubuntu0.7+esm2"
},
{
"binary_name": "libsqlite3-0",
"binary_version": "3.22.0-1ubuntu0.7+esm2"
},
{
"binary_name": "libsqlite3-tcl",
"binary_version": "3.22.0-1ubuntu0.7+esm2"
},
{
"binary_name": "sqlite3",
"binary_version": "3.22.0-1ubuntu0.7+esm2"
}
]
}{
"binaries": [
{
"binary_name": "lemon",
"binary_version": "3.31.1-4ubuntu0.7+esm1"
},
{
"binary_version": "3.31.1-4ubuntu0.7+esm1",
"binary_name": "libsqlite3-0"
},
{
"binary_version": "3.31.1-4ubuntu0.7+esm1",
"binary_name": "libsqlite3-tcl"
},
{
"binary_name": "sqlite3",
"binary_version": "3.31.1-4ubuntu0.7+esm1"
}
]
}