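This page aggregates CVE and security vulnerability information across SQLite-related products, listing CVSS, EPSS, publication dates, and vulnerability intelligence data.
Past issues mainly involve buffer overflows and memory corruption; some lead to file overwrites and affect scenarios related to data access and data storage.
The listed data is based on public vulnerability information and security advisories, and can be used to assess past exposure and remediation priority.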
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-13632 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. | [email protected] | 5.5 | 0.57% | 2020-05-27 | 2026-06-16 |
| CVE-2020-13631 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | [email protected] | 5.5 | 0.62% | 2020-05-27 | 2026-06-16 |
| CVE-2020-13630 | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | [email protected] | 7.0 | 1.03% | 2020-05-27 | 2026-06-16 |
| CVE-2020-13435 | SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. | [email protected] | 5.5 | 0.64% | 2020-05-24 | 2026-06-16 |
| CVE-2020-13434 | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | [email protected] | 5.5 | 1.01% | 2020-05-24 | 2026-06-16 |
| CVE-2020-11656 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | [email protected] | 9.8 | 7.41% | 2020-04-08 | 2026-06-16 |
| CVE-2020-11655 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | [email protected] | 7.5 | 5.05% | 2020-04-08 | 2026-06-16 |
| CVE-2020-9327 | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | [email protected] | 7.5 | 3.68% | 2020-02-21 | 2026-06-16 |
| CVE-2019-19959 | ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | [email protected] | 7.5 | 3.24% | 2020-01-03 | 2026-06-16 |
| CVE-2019-20218 | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | [email protected] | 7.5 | 3.62% | 2020-01-02 | 2026-06-16 |
| CVE-2019-19925 | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | [email protected] | 7.5 | 6.81% | 2019-12-24 | 2026-06-16 |
| CVE-2019-19924 | SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | [email protected] | 5.3 | 7.86% | 2019-12-24 | 2026-06-16 |
| CVE-2019-19923 | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | [email protected] | 7.5 | 6.81% | 2019-12-24 | 2026-06-16 |
| CVE-2019-19926 | multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | [email protected] | 7.5 | 7.00% | 2019-12-22 | 2026-06-16 |
| CVE-2019-19880 | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | [email protected] | 7.5 | 6.94% | 2019-12-18 | 2026-06-16 |
| CVE-2019-19646 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | [email protected] | 9.8 | 5.38% | 2019-12-09 | 2026-06-16 |
| CVE-2019-19603 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | [email protected] | 7.5 | 8.25% | 2019-12-09 | 2026-06-16 |
| CVE-2019-19645 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | [email protected] | 5.5 | 0.57% | 2019-12-09 | 2026-06-16 |
| CVE-2019-19317 | lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | [email protected] | 9.8 | 4.28% | 2019-12-05 | 2026-06-16 |
| CVE-2019-19242 | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | [email protected] | 5.9 | 2.54% | 2019-11-27 | 2026-06-16 |