Your submission was sent successfully! Close

CVE-2020-9327

Published: 21 February 2020

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
sqlite3
Launchpad, Ubuntu, Debian
bionic
Released (3.22.0-1ubuntu0.3)
eoan
Released (3.29.0-2ubuntu0.2)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream
Released (3.31.1-3)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://www.sqlite.org/cgi/src/info/4374860b29383380
upstream: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
upstream: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
upstream: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
upstream: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21