Skip to main content

Sqlite CVE-2017-13685

MEDIUM
Improper Input Validation (CWE-20)
2017-08-29 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 29, 2017 - 06:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.

AnalysisAI

The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Affected products include: Sqlite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Sqlite

View all
CVE-2015-5895 CRITICAL POC
10.0 Sep 18

Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and a

CVE-2017-10989 CRITICAL
9.8 Jul 07

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles u

CVE-2025-6965 HIGH POC
7.2 Jul 15

Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggr

CVE-2019-5018 HIGH POC
8.1 May 10

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. Rated high se

CVE-2018-20346 HIGH POC
8.1 Dec 21

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow)

CVE-2017-15286 HIGH POC
7.5 Oct 12

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases wh

CVE-2022-35737 HIGH POC
7.5 Aug 03

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a

CVE-2021-36690 HIGH POC
7.5 Aug 24

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo functi

CVE-2020-13871 HIGH POC
7.5 Jun 06

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions i

CVE-2020-11655 HIGH POC
7.5 Apr 09

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function

CVE-2023-7104 HIGH POC
7.3 Dec 29

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Hand

CVE-2022-46908 HIGH POC
7.3 Dec 12

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the

Share

CVE-2017-13685 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy