NULL Pointer Dereference
Affecting sqlite3 package, versions <3.11.0-1ubuntu1.5
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to NULL Pointer Dereference ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Remediation
Upgrade sqlite3
to version or higher.
References
CVSS Score
5.5
medium severity
-
Attack VectorLocal
-
Attack ComplexityLow
-
Privileges RequiredLow
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityNone
-
IntegrityNone
-
AvailabilityHigh
- CVE
- CVE-2020-13632
- CWE
- CWE-476
- Snyk ID
- SNYK-UBUNTU1604-SQLITE3-571707
- Disclosed
- 27 May, 2020
- Published
- 27 May, 2020