A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
References
Link | Resource |
---|---|
https://github.com/guyinatuxedo/sqlite3_record_leaking | Exploit Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220303-0001/ | Third Party Advisory |
https://sqlite.org/forum/forumpost/056d557c2f8c452ed5 | Vendor Advisory |
https://sqlite.org/forum/forumpost/53de8864ba114bf6 | Vendor Advisory |
https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-14T00:00:00
Updated: 2022-10-31T00:00:00
Reserved: 2021-12-20T00:00:00
Link: CVE-2021-45346
JSON object: View
NVD Information
Status : Modified
Published: 2022-02-14T19:15:07.793
Modified: 2024-05-17T02:02:33.327
Link: CVE-2021-45346
JSON object: View
Redhat Information
No data.
CWE