PT-2020-6897 · Sqlite+11 · Sqlite+12

Published

2020-05-23

Updated

2024-06-15

CVE-2020-13435

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.32.0

Description The issue is related to a null pointer dereference in the sqlite3ExprCodeTarget function of the SQLite database management system. This can be exploited to cause a denial of service. A remote attacker may be able to trigger this issue, leading to a service disruption.

Recommendations For versions prior to 3.32.0, update to a version that includes improved checks to address this issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:4396

ALT-PU-2020-2017

ALT-PU-2020-2898

AZL-38965

AZL-40765

BDU:2023-05112

BIT-SQLITE-2020-13435

CESA-2021_4396

CVE-2020-13435

MGASA-2021-0303

OPENSUSE-SU-2021:1058-1

OPENSUSE-SU-2021:2320-1

OPENSUSE-SU-2021_1058-1

OPENSUSE-SU-2021_2320-1

OPENSUSE-SU-2024:11400-1

RHSA-2021:4396

RHSA-2021_4396

RLSA-2021:4396

SUSE-SU-2021:2320-1

SUSE-SU-2021:3215-1

USN-4394-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Freebsd

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Sqlite

Suse

Ubuntu

Itunes

PT-2020-6897 · Sqlite+11 · Sqlite+12

CVE-2020-13435

Weakness Enumeration

Related Identifiers

Affected Products

References · 137