CVE-2020-13631
Published: 27 May 2020
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
Notes
| Author | Note |
|---|---|
| mdeslaur | The code changes required to backport the fix for this issue to older versions of SQLite shipped in Ubuntu stable releases is subtantial and may introduce regressions. Due to the low severity of this issue, we will not be releasing a fix for Ubuntu 18.04 LTS and earlier. Marking as ignored. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
sqlite Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| eoan |
Ignored
|
|
| focal |
Ignored
|
|
| trusty |
Ignored
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
|
|
|
sqlite3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| eoan |
Released
(3.29.0-2ubuntu0.3)
|
|
| focal |
Released
(3.31.1-4ubuntu0.1)
|
|
| trusty |
Ignored
|
|
| upstream |
Released
(3.32.0-1)
|
|
| xenial |
Ignored
|
|
|
Patches: upstream: https://sqlite.org/src/info/eca0ba2cf4c0fdf7 upstream: https://github.com/sqlite/sqlite/commit/3d863b5e4efb2305d64f87a2128289d1c3ce09b6 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |