CVE-2020-13630: Use After Free in SQLite

CWE-416: Use After Free | 16 documents | 11 sources
Severity: 7.0 HIGH (NVD)
EPSS: 0.1% (top 75.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 27; Latest update May 24

Description

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (13 packages)

NVD: sqlite/sqlite < 3.32.0
Debian: ghost/sqlite3 < 3.32.0-1+3
NVD: apple/tvos < 14.0
NVD: apple/macos < 11.0.1
NVD: apple/icloud < 11.5

Also affects: Debian Linux 9.0, Fedora 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-wgpm-4xgr-4mhp: ext/fts3/fts3 (2022-05-24)
CVEList: CVE-2020-13630: ext/fts3/fts3 (2020-05-27)
OSV: CVE-2020-13630: ext/fts3/fts3 (2020-05-27)

📋 Vendor Advisories (8)

Apple: CVE-2020-13630: watchOS 7.0 (2020-09-16)
Apple: CVE-2020-13630: iTunes 12.10.9 for Windows (2020-09-16)
Apple: CVE-2020-13630: tvOS 14.0 (2020-09-16)
BSD: FreeBSD-SA-20:22.sqlite: Multiple vulnerabilities in sqlite3 (2020-08-05)
Ubuntu: SQLite vulnerabilities (2020-06-10)

💬 Community (4)

Bugzilla: CVE-2020-13630 sqlite2: sqlite: use-after-free in fts3EvalNextRow in ext/fts3/fts3.c [fedora-all] (2020-05-29)
Bugzilla: CVE-2020-13630 mingw-sqlite: sqlite: use-after-free in fts3EvalNextRow in ext/fts3/fts3.c [fedora-all] (2020-05-29)
Bugzilla: CVE-2020-13630 sqlite: use-after-free in fts3EvalNextRow in ext/fts3/fts3.c [fedora-all] (2020-05-29)
Bugzilla: CVE-2020-13630 sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (2020-05-29)