CVE-2020-13435
sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
SQLite versions through 3.32.0 have a segmentation fault in the sqlite3ExprCodeTarget function in the file expr.c.
A NULL pointer dereference flaw was found in SQLite when rewriting select statements for window functions. This flaw allows an attacker who can execute SQL statements to crash the application, resulting in a denial of service.
It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. It was discovered that SQLite incorrectly handled certain self-referential views. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-24 CVE Reserved
- 2020-05-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (20)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List | |
http://seclists.org/fulldisclosure/2020/Nov/19 | Mailing List | |
http://seclists.org/fulldisclosure/2020/Nov/20 | Mailing List | |
http://seclists.org/fulldisclosure/2020/Nov/22 | Mailing List | |
https://security.netapp.com/advisory/ntap-20200528-0004 | Third Party Advisory | |
https://support.apple.com/kb/HT211843 | X_refsource_confirm | |
https://support.apple.com/kb/HT211844 | X_refsource_confirm | |
https://support.apple.com/kb/HT211850 | X_refsource_confirm | |
https://support.apple.com/kb/HT211931 | X_refsource_confirm | |
https://support.apple.com/kb/HT211935 | X_refsource_confirm | |
https://support.apple.com/kb/HT211952 | X_refsource_confirm | |
https://www.oracle.com/security-alerts/cpuApr2021.html | X_refsource_misc | |
https://www.oracle.com/security-alerts/cpujul2020.html | X_refsource_misc | |
URL | Date | SRC |
---|---|---|
https://www.sqlite.org/src/info/7a5279a25c57adf1 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sqlite | Sqlite | <= 3.32.0 | - | Affected |
Fedoraproject | Fedora | 32 | - | Affected |