CVE-2021-20227
Ubuntu Security Notice USN-4732-1
Severity Score
Exploit Likelihood
Affected Versions
8Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Se encontró un fallo en la funcionalidad de consulta SELECT de SQLite (src/select.c). Este fallo permite a un atacante que es capaz de ejecutar consultas SQL localmente en la base de datos SQLite causar una denegación de servicio o una posible ejecución de código desencadenando un uso de la memoria previamente liberada. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema
It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2021-02-11 CVE Published
- 2024-08-03 CVE Updated
- 2025-04-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?i... | Issue Tracking | |
| https://security.netapp.com/advisory/ntap-... | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com//security-alerts/cpujul2021.html | 2022-11-16 | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | 2022-11-16 | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | 2022-11-16 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202103-04 | 2022-11-16 | |
| https://security.gentoo.org/glsa/202210-40 | 2022-11-16 | |
| https://www.sqlite.org/releaselog/3_34_1.html | 2022-11-16 |