SQLite 3.6
Integer Truncation on SQLite
sqlite: use-after-free in the ALTER TABLE implementation
sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns
sqlite: Heap-buffer overflow in the getNodeSize function
sqlite: omits bits from the colUsed bitmask in the case of a generated column
sqlite: heap out-of-bound read in function rtreenode()
sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)
sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)
sqlite: Information Disclosure via Crafted ZIP File
sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API
sqlite: use-after-free in resetAccumulator in select.c
sqlite: malformed window-function query leads to DoS
sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations
sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames
sqlite: error mishandling because of incomplete fix of CVE-2019-19880
sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan)
sqlite: NULL pointer dereference in tableColumnList
sqlite: stack buffer overflow in src/printf.c
sqlite: invalid free() in src/vdbe.c
sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c
sqlite: Tempdir selection vulnerability
SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
sqlite: potential use-after-free bug when processing a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate
sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c
sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query
sqlite: Virtual table can be renamed into the name of one of its shadow tables
sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()
sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements
sqlite: Local DoS via dump_callback function
sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting
sqlite: array overrun in the skip-scan optimization leading to memory corruption (DoS)
sqlite: use-after-free bug in jsonParseAddNodeArray