CVE-2020-13630

Name

CVE-2020-13630

Description

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Permissions Required	https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
Patch	https://sqlite.org/src/info/0d69f76f0865f962
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
Third Party Advisory	https://security.netapp.com/advisory/ntap-20200608-0002/
UBUNTU	https://usn.ubuntu.com/4394-1/
MISC	https://www.oracle.com/security-alerts/cpujul2020.html
GENTOO	https://security.gentoo.org/glsa/202007-26
FREEBSD	https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
MLIST	https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
MISC	https://www.oracle.com/security-alerts/cpuoct2020.html
CONFIRM	https://support.apple.com/kb/HT211931
CONFIRM	https://support.apple.com/kb/HT211844
CONFIRM	https://support.apple.com/kb/HT211850
CONFIRM	https://support.apple.com/kb/HT211843
CONFIRM	https://support.apple.com/kb/HT211952
FULLDISC	http://seclists.org/fulldisclosure/2020/Nov/19
FULLDISC	http://seclists.org/fulldisclosure/2020/Nov/22
FULLDISC	http://seclists.org/fulldisclosure/2020/Nov/20
CONFIRM	https://support.apple.com/kb/HT211935
FULLDISC	http://seclists.org/fulldisclosure/2020/Dec/32
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:sqlite:sqlite::::::::`	sqlite	>= None	< 3.32.0

Source package	Branch	Version	Maintainer	Status
sqlite	3.11-main	3.30.1-r2	Carlo Landmeter <clandmeter@gmail.com>	possibly vulnerable
sqlite	3.10-main	3.28.0-r3	Carlo Landmeter <clandmeter@gmail.com>	possibly vulnerable