CVE-2020-13435

sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

SQLite versiones hasta 3.32.0, presenta un error de segmentación en la función sqlite3ExprCodeTarget en el archivo expr.c.

A NULL pointer dereference flaw was found in SQLite when rewriting select statements for window functions. This flaw allows an attacker who can execute SQL statements, to crash the application, resulting in a denial of service.

It was discovered that SQLite incorrectly handled certain corrupted schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. It was discovered that SQLite incorrectly handled certain self-referential views. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-05-24 CVE Reserved
2020-05-24 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (20)

URL	Tag	Source
http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List
http://seclists.org/fulldisclosure/2020/Nov/19	Mailing List
http://seclists.org/fulldisclosure/2020/Nov/20	Mailing List
http://seclists.org/fulldisclosure/2020/Nov/22	Mailing List
https://security.netapp.com/advisory/ntap-20200528-0004	Third Party Advisory
https://support.apple.com/kb/HT211843	X_refsource_confirm
https://support.apple.com/kb/HT211844	X_refsource_confirm
https://support.apple.com/kb/HT211850	X_refsource_confirm
https://support.apple.com/kb/HT211931	X_refsource_confirm
https://support.apple.com/kb/HT211935	X_refsource_confirm
https://support.apple.com/kb/HT211952	X_refsource_confirm
https://www.oracle.com/security-alerts/cpuApr2021.html	X_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html	X_refsource_misc

URL	Date	SRC
https://www.sqlite.org/src/info/7a5279a25c57adf1	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN	2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc	2023-11-07
https://security.gentoo.org/glsa/202007-26	2023-11-07
https://usn.ubuntu.com/4394-1	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-13435	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1841231	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sqlite Search vendor "Sqlite"		Sqlite Search vendor "Sqlite" for product "Sqlite"				<= 3.32.0 Search vendor "Sqlite" for product "Sqlite" and version " <= 3.32.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected