PT-2020-16662 · Zetetic+1 · Sqlcipher+1

Published: 2020-11-07 · Updated: 2024-10-17 · CVE-2020-27207

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Zetetic SQLCipher versions 4.x before 4.4.1

Description: The vulnerability is a use-after-free involving the sqlcipher codec pragma and sqlite3Strlen30 in sqlite3.c. It can be exploited for a remote denial of service: for example, an attacker who can perform SQL injection can execute a crafted SQL command sequence that causes unexpected RAM data to be read.

Recommendations: For versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue. As a temporary workaround, until the patch is applied, restrict the use of SQL commands that could reach the sqlcipher codec pragma and sqlite3Strlen30 functions.

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3229
ALT-PU-2024-14056
CVE-2020-27207

Affected Products

Alt Linux
Sqlcipher