Out of Bounds Access Vulnerability in SQLite by SQLite Software Corporation
CVE-2020-35527

9.8CRITICAL

Key Information:

Vendor: Sqlite
Status: Sqlite
Vendor: CVE Published:; 1 September 2022

What is CVE-2020-35527?

An out of bounds access vulnerability exists in SQLite version 3.31.1, which allows for potential system exploitation through ALTER TABLE operations involving views with nested FROM clauses. This issue could result in unintended data disclosure or corruption, making it crucial for organizations to investigate their systems and apply necessary mitigations.

Affected Version(s)

sqlite sqlite 3.31.1

References

https://www.sqlite.org/src/info/c431b3fd8fd0f6a6

https://security.netapp.com/advisory/ntap-20221111-0007/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2022
Vulnerability Reserved
Dec 17, 2020

Sqlite

What is CVE-2020-35527?

Affected Version(s)

References

CVSS V3.1

Timeline