CVE-2021-20223

Published: 25 August 2022

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in SQLite. A unicode61 tokenizer configured to treat Unicode "control-characters" (class Cc) was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.

Priority

Medium

CVSS 3 base score: 9.8

Status

| Package | Release | Status |
|---|---|---|
| sqlite | bionic | Not vulnerable (code not present) |
| sqlite | focal | Not vulnerable (code not present) |
| sqlite | jammy | Not vulnerable (code not present) |
| sqlite | trusty | Not vulnerable (code not present) |
| sqlite | upstream | Needs triage |
| sqlite | xenial | Ignored (end of standard support) |
| sqlite3 | bionic | Not vulnerable (code not present) |
| sqlite3 | focal | Released (3.31.1-4ubuntu0.4) |
| sqlite3 | jammy | Not vulnerable (3.37.2-2) |
| sqlite3 | trusty | Not vulnerable (code not present) |
| sqlite3 | upstream | Needs triage |
| sqlite3 | xenial | Not vulnerable (code not present) |

Patches:
upstream: https://sqlite.org/src/info/b7b7bde9b7a03665
upstream: https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b