CVE-2020-13434

Published: 24 May 2020

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: sqlite3 (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Released (3.22.0-1ubuntu0.4)
eoan: Released (3.29.0-2ubuntu0.3)
focal: Released (3.31.1-4ubuntu0.1)
precise: Not vulnerable
trusty: Not vulnerable
upstream: Released (3.32.1-1)
xenial: Released (3.11.0-1ubuntu1.5)

Patches:
upstream: https://www.sqlite.org/src/info/d08d3405878d394e
upstream: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018

Notes

Author: leosilva
Note: printf function support was added in 3.8.3 by commit
https://github.com/sqlite/sqlite/commit/a5c1416d64b4b857721f085258b6ef1dcaeb6f5b

References