In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libsqlite3-tcl-dbgsym": "3.11.0-1ubuntu1.2", "lemon-dbgsym": "3.11.0-1ubuntu1.2", "libsqlite3-0-dbg": "3.11.0-1ubuntu1.2", "libsqlite3-0-dbgsym": "3.11.0-1ubuntu1.2", "sqlite3-dbgsym": "3.11.0-1ubuntu1.2", "libsqlite3-tcl": "3.11.0-1ubuntu1.2", "libsqlite3-dev-dbgsym": "3.11.0-1ubuntu1.2", "libsqlite3-0": "3.11.0-1ubuntu1.2", "libsqlite3-dev": "3.11.0-1ubuntu1.2", "sqlite3-doc": "3.11.0-1ubuntu1.2", "sqlite3": "3.11.0-1ubuntu1.2", "lemon": "3.11.0-1ubuntu1.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libsqlite3-tcl-dbgsym": "3.22.0-1ubuntu0.1", "lemon-dbgsym": "3.22.0-1ubuntu0.1", "libsqlite3-0-dbgsym": "3.22.0-1ubuntu0.1", "sqlite3-dbgsym": "3.22.0-1ubuntu0.1", "libsqlite3-tcl": "3.22.0-1ubuntu0.1", "libsqlite3-0": "3.22.0-1ubuntu0.1", "libsqlite3-dev": "3.22.0-1ubuntu0.1", "sqlite3-doc": "3.22.0-1ubuntu0.1", "sqlite3": "3.22.0-1ubuntu0.1", "lemon": "3.22.0-1ubuntu0.1" } ] }