| 9.6 hours ago |
FTS3 `fts3ReadEndBlockField()` negates INT64_MIN text and triggers signed integer overflow | no replies | Open |
| 9.6 hours ago |
FTS3 `fts3EvalNearTrim()` can overflow the position-list buffer during an in-place NEAR merge | no replies | Open |
| 10.5 hours ago |
WAL read-only `readonly_shm` path accepts page-size 0 and over-reads in `walChecksumBytes()` | no replies | Open |
| 1.6 days ago |
Vuln53-34: FTS5 fts5IndexTombstoneRebuild Signed Integer Overflow on Corrupt Tombstone nElem Field | 2 posts spanning 13.3 hours | Resolved |
| 1.9 days ago |
Vuln56-37: fileio realpath() Missing OOM Check on mprintf Result Causes strlen(NULL) Crash | 2 posts spanning 2.9 hours | Resolved |
| 1.9 days ago |
Vuln54-35: RBU rbu_fossil_delta Signed Integer Overflow on Crafted Delta Output Size | 2 posts spanning 3.9 hours | Resolved |
| 2.0 days ago |
Vuln55-36: fossildelta delta_create Missing OOM Check Causes NULL Dereference | 2 posts spanning 2.9 hours | Resolved |
| 2.0 days ago |
Out-of-bounds read in deltaGetInt() when input contains no in-buffer terminator (ext/misc/fossildelta.c) | 4 posts spanning 2.8 hours | Resolved |
| 2.7 days ago |
Vuln52-33: replace() Bounds-Check Assert Signed Integer Overflow on Large Strings Under Raised SQLITE_MAX_LENGTH | 3 posts spanning 7.2 hours | Resolved |
| 2.8 days ago |
SQLite3 Non-deterministic Function Bypass in CREATE INDEX Expression Validation | 5 posts spanning 2.1 days | Resolved |
| 2.9 days ago |
Vuln51-32: FTS5 in-Memory Hash Signed Integer Overflow on Doclist Doubling Reachable Under Raised SQLITE_MAX_LENGTH | 2 posts spanning 5.3 hours | Resolved |
| 3.6 days ago |
Vuln50-31: FTS5 integrity-check Heap Buffer Over-Read in fts5IndexIntegrityCheckSegment | 2 posts spanning 1.8 hours | Resolved |
| 3.7 days ago |
Vuln49-30: FTS5 Reverse Iterator Heap Buffer Over-Read via Unvalidated szLeaf on Corrupt Segment Leaf | 4 posts spanning 4.3 hours | Resolved |
| 3.8 days ago |
Vuln48-29: FTS5 NEAR Query Heap Use-After-Free via In-Place Poslist Rewrite Realloc | 2 posts spanning 4.9 hours | Resolved |
| 3.9 days ago |
Vuln47-28: FTS5 snippet() Signed Integer Overflow on Attacker-Controlled nToken Argument | 2 posts spanning 2.9 hours | Resolved |
| 6.8 days ago |
SELECT DISTINCT ORDER BY returns different row order depending on index usage | 2 posts spanning 14.7 minutes | Resolved |
| 7.7 days ago |
Vuln46-27: WhereTerm.nChild u8 Wraparound Skips Verification of Vector IN Components Past Index Width | 2 posts spanning 7.0 hours | Resolved |
| 7.9 days ago |
Vuln45-26: pcache1InitBulk do-while Loop Heap Buffer Overflow When -pagecache N=-1 Produces nBulk=0 | 2 posts spanning 5.1 hours | Resolved |
| 7.9 days ago |
SQLite uuid_str()/uuid_blob() TEXT Conversion OOM NULL Dereference DoS | 2 posts spanning 1.9 hours | Resolved |
| 7.9 days ago |
Vuln44-25: Vector IN Step-6 Ignores aiMap Permutation When the Engine Uses an Index With Reordered Columns | 2 posts spanning 4.8 hours | Resolved |
| 7.9 days ago |
wholenumberFilter() INT64 Bound Signed Overflow DoS | 2 posts spanning 1.7 hours | Resolved |
| 8.1 days ago |
.import CSV files: treatment of scientific notation has changed | 3 posts spanning 1.6 hours | Resolved |
| 8.5 days ago |
Vuln36-17: ICU LIKE Overlong UTF-8 Sequences Decode to Real Wildcards Bypassing Byte-Level Pattern Sanitization | 2 posts spanning 16.9 hours | Resolved |
| 8.6 days ago |
ALTER TABLE ... ALTER ... DROP NOT NULL only removes one not null constraint | 2 posts spanning 7.1 days | Resolved |
| 8.7 days ago |
Vuln43-24: R-Tree nodeRowidIndex Assertion Failure on Oversized Leaf Node via xConnect Accepting Unbounded Node Size | 2 posts spanning 2.1 hours | Resolved |
| ↓ Older... |