CVE-2020-13632

Description

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

• CWE-476•NULL Pointer Dereference

  The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

• brocade•fabric_operating_system

  na

• canonical•ubuntu_linux

  16.04 | 18.04 | 19.10 | 20.04

• debian•debian_linux

  9.0

• fedoraproject•fedora

  32

• netapp•cloud_backup

  na

• netapp•hci_compute_node_firmware

  na

• netapp•solidfire\,_enterprise_sds_\&_hci_storage_node

  na

• oracle•communications_network_charging_and_control

  ≥ 12.0.0, ≤ 12.0.3 | 6.0.1

• oracle•outside_in_technology

  8.5.4 | 8.5.5

• oracle•zfs_storage_appliance_kit

  8.8

• siemens•sinec_infrastructure_network_services

  < 1.0.1.1

• sqlite•sqlite

  < 3.32.0

References (11)

• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
• https://usn.ubuntu.com/4394-1/
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
• https://security.netapp.com/advisory/ntap-20200608-0002/
• https://sqlite.org/src/info/a4dd148928ea65bd
• https://security.gentoo.org/glsa/202007-26
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
• https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf