NULL Pointer Dereference in SQLite Affects Multiple Systems
CVE-2020-9327

7.5 HIGH

Key Information:

Vendor: Sqlite

Status
Vendor
CVE Published: 21 February 2020

What is CVE-2020-9327?

In SQLite version 3.31.1, a flaw in the isAuxiliaryVtabOperator function, tied to generated column optimizations, allows attackers to trigger a NULL pointer dereference. The result is a segmentation fault that may compromise the stability and security of affected systems. Users are advised to review their environments and apply the necessary patches to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
