Your submission was sent successfully! Close

CVE-2020-35527

Published: 1 September 2022

In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

Notes

AuthorNote
rodrigo-zaiden
upstream fix adds a check with the macro IN_RENAME_OBJECT,
that started to appear in version 3.25.0 (commit cf8f2895) as
IN_RENAME_COLUMN and ended up in its current state in version
3.31.0 (commit e6dc1e5b). Backporting the fix to versions
prior to 3.31 seems too risky and would likely introduce
regressions. Also, there is a note in the upstream bug link
saying that the issue happens "due to the two-size lookaside
memory allocator added in version 3.31.0". So, sqlite3 for
Ubuntu releases earlier than focal won't be fixed.
sqlite source package does not have the vulnerable code.
Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
sqlite
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Ignored
(end of standard support)
sqlite3
Launchpad, Ubuntu, Debian
bionic Ignored

focal
Released (3.31.1-4ubuntu0.4)
jammy Not vulnerable
(3.37.2-2)
trusty Ignored

upstream
Released (3.32.0)
xenial Ignored

Patches:
upstream: https://www.sqlite.org/src/info/c431b3fd8fd0f6a6
upstream: https://github.com/sqlite/sqlite/commit/0990c415f65d2556a5e4122cbe5727d500411aeb (version-3.32.0)