Integer Overflow Vulnerability in SQLite Affected by Multiple Vendors
CVE-2020-13434

5.5MEDIUM

Key Information:

Vendor

Sqlite

Status
Sqlite
Vendor
CVE Published:
24 May 2020

What is CVE-2020-13434?

The SQLite library experiences an integer overflow in the function sqlite3_str_vappendf located in printf.c. This vulnerability can lead to potential corruption of data and unexpected behavior in applications relying on the affected versions of SQLite. Users are advised to upgrade to version 3.32.0 or later to mitigate associated risks. Various distributions have recognized the issue and issued advisories, indicating that the vulnerability affects multiple platforms, including Debian, Fedora, Ubuntu, and others.

References

https://lists.debian.org/debian-lts-announce/2020/05/msg0...
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://usn.ubuntu.com/4394-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.