CVE-2020-9991 The advisory has been revoked - it doesn't affect any version of package sqlite3 Open this link in a new tab
Threat Intelligence
EPSS
1.01% (84th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU2004-SQLITE3-1070680
- published 9 Feb 2021
- disclosed 8 Dec 2020
Introduced: 8 Dec 2020
CVE-2020-9991 Open this link in a new tabAmendment
The Ubuntu
security team deemed this advisory irrelevant for Ubuntu:20.04
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream sqlite3
package and not the sqlite3
package as distributed by Ubuntu
.
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9991
- https://support.apple.com/kb/HT211846
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://support.apple.com/en-us/HT211843
- https://support.apple.com/en-us/HT211844
- https://support.apple.com/en-us/HT211847
- https://support.apple.com/en-us/HT211850
- https://support.apple.com/en-us/HT211931
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E