CVE-2020-35525 — NULL Pointer Dereference in Sqlite

CWE-476 — NULL Pointer Dereference12 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 55.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ghost Sqlite3 Sqlite

Timeline

PublishedSep 1

Latest updateJun 27

Description

In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianghost/sqlite3< 3.32.0-1+3

▶Ubuntughost/sqlite3< 3.22.0-1ubuntu0.6+3

▶CVEListV5sqlite/sqlitesqlite 3.31.1

▶NVDsqlite/sqlite3.31.1

Patches

Patch: www.sqlite.org ↗Patch: www.sqlite.org ↗

🔴Vulnerability Details

OSV

sqlite3 vulnerability↗2024-06-27

▶

OSV

sqlite3 vulnerability↗2022-09-28

▶

OSV

sqlite3 vulnerabilities↗2022-09-15

▶

GHSA

GHSA-3p6j-m43h-3g48: In SQlite 3↗2022-09-02

▶

CVEList

CVE-2020-35525: In SQlite 3↗2022-09-01

▶

📋Vendor Advisories

Ubuntu

SQLite vulnerability↗2024-06-27

▶

Ubuntu

SQLite vulnerability↗2022-09-28

▶

Ubuntu

SQLite vulnerabilities↗2022-09-15

▶

Red Hat

sqlite: Null pointer derreference in src/select.c↗2020-02-20

▶

Debian

CVE-2020-35525: sqlite3 - In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSE...↗2020

▶