In SQLite 3.27.2, running fts5 prefix queries inside a...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Mar 22, 2019
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Feb 1, 2023
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
References