CVE-2020-13631
Published: 27 May 2020
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Notes
Author | Note |
---|---|
mdeslaur | The code changes required to backport the fix for this issue to older versions of SQLite shipped in Ubuntu stable releases is subtantial and may introduce regressions. Due to the low severity of this issue, we will not be releasing a fix for Ubuntu 18.04 LTS and earlier. Marking as ignored. |
Priority
Status
Package | Release | Status |
---|---|---|
sqlite Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
trusty |
Ignored
|
|
xenial |
Ignored
|
|
bionic |
Ignored
|
|
eoan |
Ignored
|
|
focal |
Ignored
|
|
sqlite3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
eoan |
Released
(3.29.0-2ubuntu0.3)
|
|
focal |
Released
(3.31.1-4ubuntu0.1)
|
|
trusty |
Ignored
|
|
upstream |
Released
(3.32.0-1)
|
|
xenial |
Ignored
|
|
Patches: upstream: https://sqlite.org/src/info/eca0ba2cf4c0fdf7 upstream: https://github.com/sqlite/sqlite/commit/3d863b5e4efb2305d64f87a2128289d1c3ce09b6 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |