CVE-2021-36690

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SQLite version 3.36.0

Description The issue is related to a segmentation fault that can occur in the sqlite3.exe command-line component of SQLite via the idxGetTableInfo function when there is a crafted SQL query. This can cause a denial of service. The vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges.

Recommendations For SQLite version 3.36.0, this issue was addressed with improved checks.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2021-2838

ALT-PU-2021-3336

ALT-PU-2022-1516

AZL-8484

BDU:2021-05231

BIT-SQLITE-2021-36690

CVE-2021-36690

DLA-3907-1

MGASA-2022-0175

OPENSUSE-SU-2022_3307-1

OPENSUSE-SU-2024:12347-1

SUSE-SU-2022:3307-1

SUSE-SU-2022:3307-2

SUSE-SU-2022:3401-1

USN-5403-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Apple Macos

Sqlite

Suse

Ubuntu

CVE-2021-36690

Weakness Enumeration

Related Identifiers

Affected Products

References · 53