CVE-2020-13631

CWE-20 — Improper Input Validation17 documents12 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 85.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud Apple Ipados Apple Iphone OS +11 more

Timeline

PublishedMay 27

Latest updateMay 24

Description

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

▶NVDsqlite/sqlite< 3.32.0

▶Debiansqlite3< 3.32.0-1+3

▶NVDapple/tvos< 14.0

▶NVDapple/macos< 11.0.1

▶NVDapple/icloud< 11.5

Also affects: Fedora 32, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

Patches

Patch: cert-portal.siemens.com ↗Patch: sqlite.org ↗Patch: usn.ubuntu.com ↗

🔴Vulnerability Details

GHSA

GHSA-ggrr-j79r-pq3m: SQLite before 3↗2022-05-24

▶

CVEList

CVE-2020-13631: SQLite before 3↗2020-05-27

▶

OSV

CVE-2020-13631: SQLite before 3↗2020-05-27

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Installation (SQLite) — CVE-2020-13631↗2020-10-15

▶

Apple

CVE-2020-13631: tvOS 14.0↗2020-09-16

▶

Apple

CVE-2020-13631: iTunes 12.10.9 for Windows↗2020-09-16

▶

Apple

CVE-2020-13631: watchOS 7.0↗2020-09-16

▶

BSD

FreeBSD-SA-20:22.sqlite: Multiple vulnerabilities in sqlite3↗2020-08-05

▶

💬Community

Bugzilla

CVE-2020-13631 sqlite2: sqlite: virtual table can be renamed into the name of one of its shadow tables [fedora-all]↗2020-05-29

▶

Bugzilla

CVE-2020-13631 sqlite: allows a virtual table to be renamed to the name of one of its shadow tables [fedora-all]↗2020-05-29

▶

Bugzilla

CVE-2020-13631 sqlite: Virtual table can be renamed into the name of one of its shadow tables↗2020-05-29

▶

Bugzilla

CVE-2020-13631 mingw-sqlite: sqlite: virtual table can be renamed into the name of one of its shadow tables [fedora-all]↗2020-05-29

▶