CVE-2021-20227

Published: 5 February 2021

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

Notes

Author: mdeslaur
Note: per upstream commit, this was introduced by the following check-in: https://sqlite.org/src/info/6e6b3729e0549de0
Priority

Medium

CVSS 3 base score: 5.5

Status

Package: sqlite (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Not vulnerable (code not present)
focal     Not vulnerable (code not present)
groovy    Not vulnerable (code not present)
precise   Does not exist
trusty    Not vulnerable (code not present)
upstream  Needs triage
xenial    Not vulnerable (code not present)

Package: sqlite3 (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Not vulnerable (code not present)
focal     Not vulnerable (code not present)
groovy    Released (3.33.0-1ubuntu0.1)
precise   Not vulnerable (code not present)
trusty    Not vulnerable (code not present)
upstream  Released (3.41.1)
xenial    Not vulnerable (code not present)
Patches:
upstream: https://sqlite.org/src/info/30a4c323650cc949