CVE-2020-35527

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SQLite version 3.31.1

Description The issue is caused by an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. This can be exploited by a remote attacker to execute arbitrary code. The problem is also described as a buffer overflow in the database management system.

Recommendations For SQLite version 3.31.1, consider restricting access to the ALTER TABLE statement for views with nested FROM clauses until a patch is available. As a temporary workaround, avoid using the ALTER TABLE statement on views that have a nested FROM clause to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Resource Release

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-119

Related Identifiers

ALSA-2022:7108

ALT-PU-2020-2004

BDU:2023-05664

BDU:2023-05665

BIT-SQLITE-2020-35527

CESA-2022_7108

CVE-2020-35527

DLA-3107-1

RHSA-2022:7108

RHSA-2022_7108

RLSA-2022:7108

USN-5615-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Sqlite

Ubuntu

CVE-2020-35527

Weakness Enumeration

Related Identifiers

Affected Products

References · 36