CVE-2021-45346 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-45346 Interim 1 9 2025-08-14T00:50:24Z current 2022-03-02T02:22:29Z 2025-08-14T00:50:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-45346 A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Availability Extension 12 SP3 SUSE Linux Enterprise High Availability Extension 12 SP4 SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise Server for SAP All-in-One 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 sqlite2 sqlite2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP3 sqlite2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP4 sqlite2 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 sqlite2 as a component of SUSE Linux Enterprise Server for SAP All-in-One 11 SP4 sqlite2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sqlite2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sqlite2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. CVE-2021-45346 SUSE Linux Enterprise High Availability Extension 12 SP3:sqlite2 SUSE Linux Enterprise High Availability Extension 12 SP4:sqlite2 SUSE Linux Enterprise High Availability Extension 12 SP5:sqlite2 SUSE Linux Enterprise Server for SAP All-in-One 11 SP4:sqlite2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sqlite2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sqlite2 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sqlite2 low 4 AV:N/AC:L/Au:S/C:P/I:N/A:N 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N