Use After Free in sqlite3

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Use After Free ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Remediation

Upgrade sqlite3 to version or higher.

References

ADVISORY
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
Debian Security Tracker
FEDORA
FREEBSD
FULLDISC
FULLDISC
FULLDISC
FULLDISC
GENTOO
MISC
MISC
MISC
MISC
MLIST
UBUNTU

Attack Vector

Local
Attack Complexity

High
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2020-13630
CWE: CWE-416
Snyk ID: SNYK-UBUNTU1804-SQLITE3-571696
Disclosed: 27 May, 2020
Published: 27 May, 2020

Use After Free
Affecting sqlite3 package, versions <3.22.0-1ubuntu0.4

Overview

Remediation

References

CVSS Score

Use After Free Affecting sqlite3 package, versions <3.22.0-1ubuntu0.4

Overview

Remediation

References

Use After Free
Affecting sqlite3 package, versions <3.22.0-1ubuntu0.4