CVE-2020-13434Integer Overflow or Wraparound in Sqlite

CWE-190Integer Overflow or WraparoundCWE-121Stack-based Buffer Overflow18 documents12 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 82.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Ghost Sqlite3Apple IcloudApple Ipados+13 more
Timeline
PublishedMay 24
Latest updateMay 24

Description

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

Debianghost/sqlite3< 3.32.1-1+3
NVDsqlite/sqlite3.32.0
NVDapple/tvos< 14.0
NVDapple/macos11.011.0.1
NVDapple/icloud< 11.5

Also affects: Debian Linux 8.0, 9.0, Fedora 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-fjp7-rxx4-gq9h: SQLite through 32022-05-24
CVEList
CVE-2020-13434: SQLite through 32020-05-24
OSV
CVE-2020-13434: SQLite through 32020-05-24

📋Vendor Advisories

9
Oracle
Oracle Oracle Communications Risk Matrix: Policy (SQLite) — CVE-2020-134342022-04-15
Apple
CVE-2020-13434: watchOS 7.02020-09-16
Apple
CVE-2020-13434: iTunes 12.10.9 for Windows2020-09-16
Apple
CVE-2020-13434: tvOS 14.02020-09-16
BSD
FreeBSD-SA-20:22.sqlite: Multiple vulnerabilities in sqlite32020-08-05

💬Community

5
Bugzilla
CVE-2020-13434 sqlite2: sqlite: integer overflow in sqlite3_str_vappendf function in printf.c [epel-all]2020-05-28
Bugzilla
CVE-2020-13434 sqlite2: sqlite: integer overflow in sqlite3_str_vappendf function in printf.c [fedora-all]2020-05-28
Bugzilla
CVE-2020-13434 mingw-sqlite: sqlite: integer overflow in sqlite3_str_vappendf function in printf.c [fedora-all]2020-05-28
Bugzilla
CVE-2020-13434 sqlite: integer overflow in sqlite3_str_vappendf function in printf.c2020-05-28
Bugzilla
CVE-2020-13434 sqlite: integer overflow in sqlite3_str_vappendf function in printf.c [fedora-all]2020-05-28