Information Exposure

Affecting sqlite3 package, versions *

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package.

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.

Remediation

There is no fixed version for Ubuntu:16.04 sqlite3.

References

CVSS Score

6.5
low severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    Required
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    None
  • Availability
    None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE
CVE-2020-9849
CWE
CWE-200
Snyk ID
SNYK-UBUNTU1604-SQLITE3-1070697
Disclosed
08 Dec, 2020
Published
09 Feb, 2021