CVE-2020-13631
Published: 27 May 2020
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
sqlite Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Ignored
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
|
|
|
sqlite3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.32.0-1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(3.31.1-4ubuntu0.1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
|
|
|
Patches: Upstream: https://sqlite.org/src/info/eca0ba2cf4c0fdf7 Upstream: https://github.com/sqlite/sqlite/commit/3d863b5e4efb2305d64f87a2128289d1c3ce09b6 |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | The code changes required to backport the fix for this issue to older versions of SQLite shipped in Ubuntu stable releases is subtantial and may introduce regressions. Due to the low severity of this issue, we will not be releasing a fix for Ubuntu 18.04 LTS and earlier. Marking as ignored. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631
- https://ubuntu.com/security/notices/USN-4394-1
- NVD
- Launchpad
- Debian