PT-2020-6895 · Sqlite+11 · Sqlite+12

Andrej Simko

Published

2020-05-23

Updated

2024-06-15

CVE-2020-13434

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.32.0

Description The issue is related to an integer overflow in the sqlite3 str vappendf function in printf.c, which can be exploited to cause a denial of service.

Recommendations For versions prior to 3.32.0, update to a version that includes improved checks to address the issue.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2021:1968

ALT-PU-2020-2017

ALT-PU-2020-2898

AZL-38614

BDU:2023-05062

BIT-SQLITE-2020-13434

CESA-2021_1581

CESA-2021_1968

CVE-2020-13434

DLA-2221-1

DLA-2340-1

MGASA-2021-0303

OPENSUSE-SU-2021:1058-1

OPENSUSE-SU-2021:2320-1

OPENSUSE-SU-2021_1058-1

OPENSUSE-SU-2021_2320-1

OPENSUSE-SU-2024:11400-1

RHSA-2021:1581

RHSA-2021:1968

RHSA-2021_1581

RHSA-2021_1968

RLSA-2021:1581

SUSE-SU-2021:2320-1

SUSE-SU-2021:3215-1

USN-4394-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Freebsd

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Sqlite

Suse

Ubuntu

Itunes

PT-2020-6895 · Sqlite+11 · Sqlite+12

CVE-2020-13434

Weakness Enumeration

Related Identifiers

Affected Products

References · 142