CVE-2021-45346

Description

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.

How to fix CVE-2021-45346

To remediate CVE-2021-45346, upgrade the affected package to a fixed version below.

• —upgrade to 3.35.2 or later
• —no fix listed

Is CVE-2021-45346 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• >= 3.35.1, < 3.35.2, >= 3.37.0, < 3.37.1
• from 0

CVSS scores

References (7)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-45346
• WEBgithub.com/guyinatuxedo/sqlite3_record_leaking
• WEBnvd.nist.gov/vuln/detail/CVE-2021-45346
• WEBsecurity.netapp.com/advisory/ntap-20220303-0001/
• WEB