{"affected":[{"ecosystem_specific":{"binaries":[{"libsqlite3-0":"3.36.0-3.12.1","libsqlite3-0-32bit":"3.36.0-3.12.1","sqlite3":"3.36.0-3.12.1","sqlite3-devel":"3.36.0-3.12.1","sqlite3-doc":"3.36.0-3.12.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"sqlite3","purl":"pkg:rpm/opensuse/sqlite3&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.36.0-3.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for sqlite3 fixes the following issues:\n\n- Update to version 3.36.0\n- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener\n  optimization (bsc#1173641)\n- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in\n  isAuxiliaryVtabOperator (bsc#1164719)\n- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)\n- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\\0' input (bsc#1160438)\n- CVE-2019-19923: improper handling  of  certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer\n  dereference (bsc#1160309)\n- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)\n- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)\n- CVE-2019-19926: improper handling  of certain errors during parsing  multiSelect in select.c (bsc#1159715)\n- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference\n  (bsc#1159491)\n- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with\n  a shadow table name (bsc#1158960)\n- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated\n  columns (bsc#1158959)\n- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views\n  in conjunction with ALTER TABLE statements (bsc#1158958)\n- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,\n  which allows attackers to cause a denial of service (bsc#1158812)\n- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a\n  sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)\n- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)\n- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)\n- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)\n- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow\n- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)\n- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)\n- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)\n","id":"openSUSE-SU-2021:2320-1","modified":"2021-07-14T15:01:28Z","published":"2021-07-14T15:01:28Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JD4EZ74IZ57MKTDKDVIUAIG6VCAEKMD5/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157818"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158812"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158958"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158959"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158960"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159491"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159715"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159847"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159850"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160309"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160438"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160439"},{"type":"REPORT","url":"https://bugzilla.suse.com/1164719"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172091"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172115"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172234"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172236"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172240"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173641"},{"type":"REPORT","url":"https://bugzilla.suse.com/928700"},{"type":"REPORT","url":"https://bugzilla.suse.com/928701"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3414"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3415"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19244"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19317"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19603"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19645"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19646"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19880"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19923"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19924"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19925"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19926"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20218"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13434"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13435"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13630"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13631"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13632"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15358"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-9327"}],"related":["CVE-2015-3414","CVE-2015-3415","CVE-2019-19244","CVE-2019-19317","CVE-2019-19603","CVE-2019-19645","CVE-2019-19646","CVE-2019-19880","CVE-2019-19923","CVE-2019-19924","CVE-2019-19925","CVE-2019-19926","CVE-2019-19959","CVE-2019-20218","CVE-2020-13434","CVE-2020-13435","CVE-2020-13630","CVE-2020-13631","CVE-2020-13632","CVE-2020-15358","CVE-2020-9327"],"summary":"Security update for sqlite3","upstream":["CVE-2015-3414","CVE-2015-3415","CVE-2019-19244","CVE-2019-19317","CVE-2019-19603","CVE-2019-19645","CVE-2019-19646","CVE-2019-19880","CVE-2019-19923","CVE-2019-19924","CVE-2019-19925","CVE-2019-19926","CVE-2019-19959","CVE-2019-20218","CVE-2020-13434","CVE-2020-13435","CVE-2020-13630","CVE-2020-13631","CVE-2020-13632","CVE-2020-15358","CVE-2020-9327"]}