{"id":"ASB-A-153352319","details":"In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-153352319","CVE-2021-0646"],"modified":"2026-04-10T16:16:18.068628Z","published":"2021-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/sqlite/+/c072485125763d11da918aec3232b9e3b113d8dd"}],"affected":[{"package":{"name":"platform/external/sqlite","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-08-01"}]}],"versions":["8.1"],"ecosystem_specific":{"severity":"High","types":["EoP"],"spl":"2021-08-01","fixes":["https://android.googlesource.com/platform/external/sqlite/+/cc22cf390226e23caa4b450cb003fece84943e2c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-153352319.json"}},{"package":{"name":"platform/external/sqlite","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-08-01"}]}],"versions":["9"],"ecosystem_specific":{"severity":"High","types":["EoP"],"spl":"2021-08-01","fixes":["https://android.googlesource.com/platform/external/sqlite/+/b7e6ee25f15ed49e1f86fa3904f46951b28b67ba"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-153352319.json"}},{"package":{"name":"platform/external/sqlite","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-08-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","types":["EoP"],"spl":"2021-08-01","fixes":["https://android.googlesource.com/platform/external/sqlite/+/8684a5f43098afd47712c27f5120d461dd11c4c9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-153352319.json"}},{"package":{"name":"platform/external/sqlite","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-08-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["EoP"],"spl":"2021-08-01","fixes":["https://android.googlesource.com/platform/external/sqlite/+/4810d35fd17c3ab2f1fcbe9a0c73a8c587623d89"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-153352319.json"}}],"schema_version":"1.7.5"}