Browse all 5 CVE security advisories affecting xerial. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Xerial develops database management tools, primarily focusing on SQLite database solutions. Historically, vulnerabilities in Xerial's products have included remote code execution, cross-site scripting, and privilege escalation flaws. The company has recorded five CVEs to date, with security researchers identifying issues such as improper input validation and insecure default configurations. While no major security incidents have been publicly documented, the consistent presence of multiple CVEs suggests potential areas for improvement in secure coding practices. Users should remain vigilant about applying security patches and implementing additional safeguards when using Xerial's database tools in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-43642 | Missing upper bound check on chunk length in snappy-java | snappy-java | CWE-770 | 7.5 | High | 2023-09-25 |
| CVE-2023-34455 | snappy-java's unchecked chunk length leads to DoS | snappy-java | CWE-770 | 7.5 | High | 2023-06-15 |
| CVE-2023-34454 | snappy-java's Integer Overflow vulnerability in compress leads to DoS | snappy-java | CWE-190 | 5.9 | Medium | 2023-06-15 |
| CVE-2023-34453 | snappy-java's Integer Overflow vulnerability in shuffle leads to DoS | snappy-java | CWE-190 | 5.9 | Medium | 2023-06-15 |
| CVE-2023-32697 | Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled | sqlite-jdbc | CWE-94 | 8.8 | High | 2023-05-23 |

This page lists every published CVE security advisory associated with xerial. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.