CVE-2021-45346
Publication date 14 February 2022
Last updated 24 July 2024
Ubuntu priority
** DISPUTED ** A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| sqlite | ||
| 22.04 LTS jammy | Ignored vendor disputes CVE | |
| 20.04 LTS focal | Ignored vendor disputes CVE | |
| 18.04 LTS bionic | Ignored vendor disputes CVE | |
| 16.04 LTS xenial | Ignored vendor disputes CVE | |
| 14.04 LTS trusty | Ignored vendor disputes CVE | |
| sqlite3 | ||
| 22.04 LTS jammy | Ignored vendor disputes CVE | |
| 20.04 LTS focal | Ignored vendor disputes CVE | |
| 18.04 LTS bionic | Ignored vendor disputes CVE | |
| 16.04 LTS xenial | Ignored vendor disputes CVE | |
| 14.04 LTS trusty | Ignored vendor disputes CVE |
Notes
eslerm
disputed by upstream "Yes, you can do that in SQLite. You can also do it in just about every other RDBMS and every filesystem ever invented."
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |