Potential Null Pointer Dereference in SQLite 3.31.1
CVE-2020-35525

7.5HIGH

Key Information:

Vendor: Sqlite
Status: Sqlite
Vendor: CVE Published:; 1 September 2022

What is CVE-2020-35525?

In SQLite version 3.31.1, a vulnerability has been identified that may result in a null pointer dereference during the processing of the INTERSEC query. This flaw could potentially allow an attacker to exploit the vulnerability, leading to unexpected behavior or system crashes. It’s crucial for users of the affected version to review their usage of the INTERSEC feature and apply updates to mitigate risks associated with this vulnerability.

Affected Version(s)

sqlite sqlite 3.31.1

References

https://www.sqlite.org/src/info/a67cf5b7d37d5b14

https://security.netapp.com/advisory/ntap-20230706-0007/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2022
Vulnerability Reserved
Dec 17, 2020

Sqlite

What is CVE-2020-35525?

Affected Version(s)

References

CVSS V3.1

Timeline