CVE-2021-36690
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
SSVC
- Decision: -
Timeline
- 2021-07-12 CVE Reserved
- 2021-08-24 CVE Published
- 2024-05-09 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (10)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2022/Oct/28 | Mailing List | |
http://seclists.org/fulldisclosure/2022/Oct/39 | Mailing List | |
http://seclists.org/fulldisclosure/2022/Oct/41 | Mailing List | |
http://seclists.org/fulldisclosure/2022/Oct/47 | Mailing List | |
http://seclists.org/fulldisclosure/2022/Oct/49 | Mailing List | |
https://support.apple.com/kb/HT213446 | Third Party Advisory | |
https://support.apple.com/kb/HT213486 | Third Party Advisory | |
https://support.apple.com/kb/HT213487 | Third Party Advisory | |
https://support.apple.com/kb/HT213488 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.sqlite.org/forum/forumpost/718c0a8d17 | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sqlite | Sqlite | 3.36.0 | - | Affected |
Oracle | Zfs Storage Appliance Kit | 8.8 | - | Affected |
Apple | Iphone Os | < 16.0 | - | Affected |
Apple | Macos | < 13.0 | - | Affected |
Apple | Tvos | < 16.0 | - | Affected |
Apple | Watchos | < 9.0 | - | Affected |