CVE-2020-13630
sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c
Severity Score: 7.0 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
The file ext/fts3/fts3.c in SQLite versions prior to 3.32.0 has a use of previously freed memory in the fts3EvalNextRow function, related to the snippet functionality.
A use-after-free vulnerability was found in the SQLite FTS3 extension module in the way it implemented the snippet function. This flaw allows an attacker who can execute SQL statements to crash the application or potentially execute arbitrary code.
*Credits:
N/A
Timeline
- 2020-05-27 CVE Reserved
- 2020-05-27 CVE Published
- 2024-01-09 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
References (22)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List | |
http://seclists.org/fulldisclosure/2020/Nov/19 | Mailing List | |
http://seclists.org/fulldisclosure/2020/Nov/20 | Mailing List | |
http://seclists.org/fulldisclosure/2020/Nov/22 | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20200608-0002 | Third Party Advisory | |
https://support.apple.com/kb/HT211843 | Release Notes | |
https://support.apple.com/kb/HT211844 | Release Notes | |
https://support.apple.com/kb/HT211850 | Release Notes | |
https://support.apple.com/kb/HT211931 | Release Notes | |
https://support.apple.com/kb/HT211935 | Release Notes | |
https://support.apple.com/kb/HT211952 | Release Notes | |
https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory | |
https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | 2023-11-07 | |
https://sqlite.org/src/info/0d69f76f0865f962 | 2023-11-07 | |
https://usn.ubuntu.com/4394-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Netapp | Hci Compute Node Firmware | - | - | Affected |
(in) Netapp | Hci Compute Node | - | - | Safe |
Sqlite | Sqlite | < 3.32.0 | - | Affected |
Fedoraproject | Fedora | 32 | - | Affected |
Canonical | Ubuntu Linux | 16.04 | esm | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 19.10 | - | Affected |
Canonical | Ubuntu Linux | 20.04 | lts | Affected |
Netapp | Cloud Backup | - | - | Affected |
Netapp | Solidfire, Enterprise Sds & Hci Storage Node | - | - | Affected |
Brocade | Fabric Operating System | - | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Siemens | Sinec Infrastructure Network Services | < 1.0.1.1 | - | Affected |
Apple | Icloud | < 11.5 | windows | Affected |
Apple | Itunes | < 12.10.9 | windows | Affected |
Apple | Ipados | < 14.0 | - | Affected |
Apple | Iphone Os | < 14.0 | - | Affected |
Apple | Macos | < 11.0.1 | - | Affected |
Apple | Tvos | < 14.0 | - | Affected |
Apple | Watchos | < 7.0 | - | Affected |
Oracle | Communications Network Charging And Control | >= 12.0.0 <= 12.0.3 | - | Affected |
Oracle | Communications Network Charging And Control | 6.0.1 | - | Affected |
Oracle | Outside In Technology | 8.5.4 | - | Affected |
Oracle | Outside In Technology | 8.5.5 | - | Affected |
Oracle | Zfs Storage Appliance Kit | 8.8 | - | Affected |