NULL Pointer Dereference in SQLite Affecting Multiple Vendors
CVE-2020-13632

5.5MEDIUM

Key Information:

Vendor

Sqlite

Status
Sqlite
Vendor
CVE Published:
27 May 2020

What is CVE-2020-13632?

A null pointer dereference vulnerability exists in the matchinfo() query handler of SQLite versions before 3.32.0. An attacker can exploit this vulnerability by crafting a specific matchinfo() query that leads to a denial of service or unexpected behavior in applications using the affected SQLite library. Developers are advised to upgrade to the latest version to mitigate potential risks associated with this vulnerability.

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://usn.ubuntu.com/4394-1/
vendor-advisoryx_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.