CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.

medium5.5CVSS 3.0

AVLACLPRNUIRSUCNINAH

The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
debian	sqlite3	< sqlite3 3.20.1-1 (bookworm)	sqlite3 3.20.1-1 (bookworm)
ghost	sqlite3	>= 0 < 3.20.1-1	3.20.1-1
ghost	sqlite3	>= 0 < 3.20.1-1	3.20.1-1
ghost	sqlite3	>= 0 < 3.20.1-1	3.20.1-1
ghost	sqlite3	>= 0 < 3.20.1-1	3.20.1-1
ghost	sqlite3	>= 0 < 3.11.0-1ubuntu1.2	3.11.0-1ubuntu1.2
ghost	sqlite3	>= 0 < 3.22.0-1ubuntu0.1	3.22.0-1ubuntu0.1
ghost	sqlite3	>= 0 < 3.8.2-1ubuntu2.2+esm1	3.8.2-1ubuntu2.2+esm1
sqlite	sqlite	—	—

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

osv5.9MEDIUM