Use-After-Free Vulnerability in SQLite's Snippet Feature
CVE-2020-13630

7 HIGH

Key Information:

Vendor: Sqlite

Status
Vendor
CVE Published: 27 May 2020

What is CVE-2020-13630?

CVE-2020-13630 is a use-after-free condition in SQLite's fts3EvalNextRow function. An attacker can potentially trigger it through the snippet feature, which poses a significant risk to applications that rely on SQLite for data management. Affected users should upgrade to version 3.32.0 or later to mitigate the risk. Because SQLite is used in a wide variety of systems, database administrators should be aware of the issue and act immediately.

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
