CVE-2020-13435NULL Pointer Dereference in Sqlite

CWE-476NULL Pointer Dereference17 documents11 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ghost Sqlite3SqliteFedoraproject Fedora
Timeline
PublishedMay 24
Latest updateMay 24

Description

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianghost/sqlite3< 3.32.1-1+3
NVDsqlite/sqlite3.32.0

Also affects: Fedora 32

Patches

Patch: www.sqlite.orgPatch: www.sqlite.org

🔴Vulnerability Details

3
GHSA
GHSA-4hxf-56qj-qrgf: SQLite through 32022-05-24
OSV
CVE-2020-13435: SQLite through 32020-05-24
CVEList
CVE-2020-13435: SQLite through 32020-05-24

📋Vendor Advisories

8
Apple
CVE-2020-13435: iTunes 12.10.9 for Windows2020-09-16
Apple
CVE-2020-13435: watchOS 7.02020-09-16
Apple
CVE-2020-13435: tvOS 14.02020-09-16
BSD
FreeBSD-SA-20:22.sqlite: Multiple vulnerabilities in sqlite32020-08-05
Ubuntu
SQLite vulnerabilities2020-06-10

💬Community

5
Bugzilla
CVE-2020-13435 sqlite2: sqlite: segmentation fault in sqlite3ExprCodeTarget in expr.c [epel-all]2020-05-28
Bugzilla
CVE-2020-13435 sqlite2: sqlite: segmentation fault in sqlite3ExprCodeTarget in expr.c [fedora-all]2020-05-28
Bugzilla
CVE-2020-13435 sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()2020-05-28
Bugzilla
CVE-2020-13435 sqlite: segmentation fault in sqlite3ExprCodeTarget in expr.c [fedora-all]2020-05-28
Bugzilla
CVE-2020-13435 mingw-sqlite: sqlite: segmentation fault in sqlite3ExprCodeTarget in expr.c [fedora-all]2020-05-28
CVE-2020-13435 — NULL Pointer Dereference in Sqlite | cvebase