PT-2021-19200 · Zetetic · Sqlcipher

Published 2021-03-03 · Updated 2024-10-17 · CVE-2021-3119

CVSS v3.1 7.5 High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Zetetic SQLCipher versions 4.x before 4.4.3

Description

The issue is a NULL pointer dereference in the sqlcipher_export() function in crypto.c and the sqlite3StrICmp() function in sqlite3.c. A remote attacker can trigger it with a crafted SQL command sequence, causing a segmentation fault and thus a denial of service. SQL injection is one way such a command sequence could reach the database.

Recommendations

For Zetetic SQLCipher versions 4.x before 4.4.3, update to version 4.4.3 or later to resolve the issue. As a temporary workaround, restrict the use of the sqlcipher_export() function and the sqlite3StrICmp() function until the update can be applied. Additionally, implement measures that prevent SQL injection to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1431
ALT-PU-2024-14056
CVE-2021-3119

Affected Products

Alt Linux
Sqlcipher