PT-2020-3859 · Sqlite+10 · Sqlite+10

Published

2020-05-14

Updated

2024-06-15

CVE-2020-13632

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.32.0

Description: The issue is related to a null pointer dereference in the ext/fts3/fts3 snippet.c component of the SQLite database management system. This can be exploited via a crafted matchinfo() query, potentially allowing an attacker to cause a denial of service.

Recommendations: For versions prior to 3.32.0, update to version 3.32.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the matchinfo() query function until a patch is available.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:1968

ALT-PU-2020-2004

ALT-PU-2020-2898

AZL-38578

BDU:2020-04251

BIT-SQLITE-2020-13632

CESA-2020_4442

CESA-2021_1968

CVE-2020-13632

DLA-2340-1

MGASA-2021-0303

OPENSUSE-SU-2021:1058-1

OPENSUSE-SU-2021:2320-1

OPENSUSE-SU-2021_1058-1

OPENSUSE-SU-2021_2320-1

OPENSUSE-SU-2024:11400-1

RHSA-2020:4442

RHSA-2020_4442

RHSA-2021:1968

RHSA-2021_1968

SUSE-SU-2021:2320-1

SUSE-SU-2021:3215-1

USN-4394-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Freebsd

Linuxmint

Red Hat

Rocky Linux

Sqlite

Suse

Ubuntu

PT-2020-3859 · Sqlite+10 · Sqlite+10

CVE-2020-13632

Weakness Enumeration

Related Identifiers

Affected Products

References · 119