FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
36b905ad-7fbb-11e9-8a5f-c85b76ce9b5asqlite3 -- use after free

MITRE reports:

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.

Discovery 2019-05-09
Entry 2019-05-26
eq 3.26.0
c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3several security issues in sqlite3

sqlite3 update:

Various security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
  • CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
  • CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
  • CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
  • CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
  • CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

Discovery 2020-05-25
Entry 2020-06-10
Modified 2020-08-06
lt 3.32.2,1

ge 12.1 lt 12.1_8

ge 11.4 lt 11.4_2

ge 11.3 lt 11.3_12