CVE-2020-9327 - In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and

CVE-2020-9327

Summary

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

References

Vulnerable Configurations

cpe:2.3:a:sqlite:sqlite:3.31.1:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:3.31.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-04-2022 - 10:33)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1841574
title	CVE-2020-13632 sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND
comment lemon is earlier than 0:3.26.0-11.el8
oval oval:com.redhat.rhsa:tst:20204442001
comment lemon is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151634002
AND
comment sqlite is earlier than 0:3.26.0-11.el8
oval oval:com.redhat.rhsa:tst:20204442003
comment sqlite is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151634004

AND

comment sqlite-debugsource is earlier than 0:3.26.0-11.el8
oval oval:com.redhat.rhsa:tst:20204442005
comment sqlite-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20200273006

AND
comment sqlite-devel is earlier than 0:3.26.0-11.el8
oval oval:com.redhat.rhsa:tst:20204442007
comment sqlite-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151634006
AND
comment sqlite-doc is earlier than 0:3.26.0-11.el8
oval oval:com.redhat.rhsa:tst:20204442009
comment sqlite-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151634008
AND
comment sqlite-libs is earlier than 0:3.26.0-11.el8
oval oval:com.redhat.rhsa:tst:20204442011
comment sqlite-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20200273012

rhsa

id	RHSA-2020:4442
released	2020-11-04
severity	Moderate
title	RHSA-2020:4442: sqlite security update (Moderate)

rpms

lemon-0:3.26.0-11.el8
lemon-debuginfo-0:3.26.0-11.el8
sqlite-0:3.26.0-11.el8
sqlite-analyzer-debuginfo-0:3.26.0-11.el8
sqlite-debuginfo-0:3.26.0-11.el8
sqlite-debugsource-0:3.26.0-11.el8
sqlite-devel-0:3.26.0-11.el8
sqlite-doc-0:3.26.0-11.el8
sqlite-libs-0:3.26.0-11.el8
sqlite-libs-debuginfo-0:3.26.0-11.el8
sqlite-tcl-debuginfo-0:3.26.0-11.el8

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200313-0002/
gentoo	GLSA-202003-16
misc	https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.sqlite.org/cgi/src/info/4374860b29383380 https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
ubuntu	USN-4298-1

Last major update

08-04-2022 - 10:33

Published

21-02-2020 - 22:15

Last modified

08-04-2022 - 10:33