FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3	several security issues in sqlite3 sqlite3 update: Various security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Discovery 2020-05-25 Entry 2020-06-10 Modified 2020-08-06 sqlite3 < 3.32.2,1 FreeBSD >= 12.1 lt 12.1_8 >= 11.4 lt 11.4_2 >= 11.3 lt 11.3_12 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13632 CVE-2020-13632 SA-20:22.sqlite
42ec2207-7e85-11ef-89a4-b42e991fc52e	sqlite -- use-after-free bug in jsonparseaddnodearray secalert@redhat.com reports: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. Discovery 2024-01-16 Entry 2024-09-29 sqlite3 < 3.43.2,1 linux-rl9-sqlite < 3.43.2 linux-c7-sqlite < 3.43.2 CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232

VuXML ID

Description

c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3

several security issues in sqlite3

sqlite3 update:

Various security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

Discovery 2020-05-25
Entry 2020-06-10
Modified 2020-08-06
sqlite3

< 3.32.2,1

FreeBSD

>= 12.1 lt 12.1_8

>= 11.4 lt 11.4_2

>= 11.3 lt 11.3_12

https://nvd.nist.gov/vuln/detail/CVE-2020-11655
CVE-2020-11655
https://nvd.nist.gov/vuln/detail/CVE-2020-13434
CVE-2020-13434
https://nvd.nist.gov/vuln/detail/CVE-2020-13435
CVE-2020-13435
https://nvd.nist.gov/vuln/detail/CVE-2020-13630
CVE-2020-13630
https://nvd.nist.gov/vuln/detail/CVE-2020-13631
CVE-2020-13631
https://nvd.nist.gov/vuln/detail/CVE-2020-13632
CVE-2020-13632
SA-20:22.sqlite

42ec2207-7e85-11ef-89a4-b42e991fc52e

sqlite -- use-after-free bug in jsonparseaddnodearray

secalert@redhat.com reports:

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

Discovery 2024-01-16
Entry 2024-09-29
sqlite3

< 3.43.2,1

linux-rl9-sqlite

< 3.43.2

linux-c7-sqlite

< 3.43.2

CVE-2024-0232
https://nvd.nist.gov/vuln/detail/CVE-2024-0232