Your submission was sent successfully! Close

CVE-2020-9327

Published: 21 February 2020

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
sqlite3
Launchpad, Ubuntu, Debian
Upstream
Released (3.31.1-3)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.22.0-1ubuntu0.3)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://www.sqlite.org/cgi/src/info/4374860b29383380
Upstream: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
Upstream: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
Upstream: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
Upstream: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21