{"id":"ASB-A-153352319", "published":"2021-08-01T00:00:00Z", "modified":"2026-04-10T16:16:18.068628499Z", "aliases":["CVE-2021-0646", "A-153352319"], "details":"In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/sqlite", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-08-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sqlite/+/cc22cf390226e23caa4b450cb003fece84943e2c"], "severity":"High", "spl":"2021-08-01", "types":["EoP"]}}, {"package":{"name":"platform/external/sqlite", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-08-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sqlite/+/b7e6ee25f15ed49e1f86fa3904f46951b28b67ba"], "severity":"High", "spl":"2021-08-01", "types":["EoP"]}}, {"package":{"name":"platform/external/sqlite", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-08-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sqlite/+/8684a5f43098afd47712c27f5120d461dd11c4c9"], "severity":"High", "spl":"2021-08-01", "types":["EoP"]}}, {"package":{"name":"platform/external/sqlite", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-08-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/sqlite/+/4810d35fd17c3ab2f1fcbe9a0c73a8c587623d89"], "severity":"High", "spl":"2021-08-01", "types":["EoP"]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/sqlite/+/c072485125763d11da918aec3232b9e3b113d8dd"}]}