FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
546deeea-3fc6-11e6-a671-60a44ce6887bSQLite3 -- Tempdir Selection Vulnerability

KoreLogic security reports:

Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', but ignores the results of that check.


Discovery 2016-07-01
Entry 2016-07-03
sqlite3
lt 3.13.0

CVE-2016-6153
ports/209827
https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
http://openwall.com/lists/oss-security/2016/07/01/2
http://www.sqlite.org/cgi/src/info/67985761aa93fb61
http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
http://www.sqlite.org/cgi/src/info/614bb709d34e1148
c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3several security issues in sqlite3

sqlite3 update:

Various security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
  • CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
  • CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
  • CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
  • CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
  • CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

Discovery 2020-05-25
Entry 2020-06-10
Modified 2020-08-06
sqlite3
lt 3.32.2,1

FreeBSD
ge 12.1 lt 12.1_8

ge 11.4 lt 11.4_2

ge 11.3 lt 11.3_12

https://nvd.nist.gov/vuln/detail/CVE-2020-11655
CVE-2020-11655
https://nvd.nist.gov/vuln/detail/CVE-2020-13434
CVE-2020-13434
https://nvd.nist.gov/vuln/detail/CVE-2020-13435
CVE-2020-13435
https://nvd.nist.gov/vuln/detail/CVE-2020-13630
CVE-2020-13630
https://nvd.nist.gov/vuln/detail/CVE-2020-13631
CVE-2020-13631
https://nvd.nist.gov/vuln/detail/CVE-2020-13632
CVE-2020-13632
SA-20:22.sqlite
dec3164f-3121-45ef-af18-bb113ac5082fsqlite -- multiple vulnerabilities

NVD reports:

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.


Discovery 2015-04-14
Entry 2015-04-18
Modified 2015-05-08
sqlite3
lt 3.8.9

CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
https://www.sqlite.org/src/info/eddc05e7bb31fae7
https://www.sqlite.org/src/info/02e3c88fbf6abdcf
https://www.sqlite.org/src/info/c494171f77dc2e5e
http://seclists.org/fulldisclosure/2015/Apr/31
6d52bda1-2e54-11e8-a68f-485b3931c969SQLite -- Corrupt DB can cause a NULL pointer dereference

MITRE reports:

SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.


Discovery 2018-03-16
Entry 2018-03-22
sqlite3
lt 3.22.0_1

CVE-2018-8740
http://openwall.com/lists/oss-security/2018/03/17/1
9245681c-7c3c-11e7-b5af-a4badb2f4699sqlite3 -- heap-buffer overflow

Google reports:

A heap-buffer overflow (sometimes a crash) can arise when running a SQL request on malformed sqlite3 databases.


Discovery 2017-08-08
Entry 2017-08-08
Modified 2017-09-19
sqlite3
lt 3.20.0

https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
CVE-2017-10989