CVE-2021-36690
HIGH
SQLite 3.36.0 - Denial of Service via idxGetTableInfo Function
Title source: llmDescription
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
References (11)
Core References
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/39
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/49
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/47
Third Party Advisory
https://support.apple.com/kb/HT213446
Third Party Advisory
https://support.apple.com/kb/HT213486
Third Party Advisory
https://support.apple.com/kb/HT213487
Third Party Advisory
https://support.apple.com/kb/HT213488
Exploit, Patch, Vendor Advisory
https://www.sqlite.org/forum/forumpost/718c0a8d17
Scores
CVSS v3
7.5
EPSS
0.0172
EPSS Percentile
82.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (6)
apple/iphone_os
< 16.0
apple/macos
< 13.0
apple/tvos
< 16.0
apple/watchos
< 9.0
oracle/zfs_storage_appliance_kit
8.8
sqlite/sqlite
3.36.0
Published
Aug 24, 2021
Tracked Since
Feb 18, 2026