CVE-2021-20223

Name of the Vulnerable Software and Affected Versions Sqlite versions prior to 3.34.0

Description An issue was found in the fts5UnicodeTokenize() function in ext/fts5/fts5 tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens.

Recommendations For versions prior to 3.34.0, update to sqlite-3.34.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the fts5UnicodeTokenize() function until a patch is available.