Denial of Service Vulnerability in SQLite Database by SQLite
CVE-2021-20227

5.5MEDIUM

Key Information:

Vendor: Sqlite
Status: Sqlite
Vendor: CVE Published:; 23 March 2021

What is CVE-2021-20227?

A vulnerability exists within the SELECT query functionality of the SQLite database, which can be exploited by an attacker with local access to execute malicious SQL queries. This flaw may enable denial of service, making the system unavailable or potentially allowing for code execution. Administrators should be vigilant about patching their SQLite installations to mitigate risks associated with this vulnerability.

Affected Version(s)

sqlite sqlite 3.34.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1924886

https://www.sqlite.org/releaselog/3_34_1.html

https://security.gentoo.org/glsa/202103-04

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2021
Vulnerability Reserved
Dec 17, 2020

Sqlite

What is CVE-2021-20227?

Affected Version(s)

References

CVSS V3.1

Timeline