CVE-2021-20227

CWE-416Use After Free11 documents9 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 56.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Oracle JD Edwards Enterpriseone ToolsSqlite SqliteOracle Communications Network Charging AND Control+4 more
Timeline
PublishedMar 23
Latest updateMay 24

Description

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

NVDsqlite/sqlite3.33.03.34.1
Debiansqlite3< 3.34.1-1+3
CVEListV5sqlitesqlite 3.34.1

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-w586-cvch-p9ch: A flaw was found in SQLite's SELECT query functionality (src/select2022-05-24
CVEList
CVE-2021-20227: A flaw was found in SQLite's SELECT query functionality (src/select2021-03-23
OSV
CVE-2021-20227: A flaw was found in SQLite's SELECT query functionality (src/select2021-03-23

📋Vendor Advisories

7
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: Provisioning (SQLite) — CVE-2021-202272021-10-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Common fns (SQLite) — CVE-2021-202272021-07-15
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Installation (SQLite) — CVE-2021-202272021-04-15
Microsoft
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service o2021-03-09
Ubuntu
SQLite vulnerability2021-02-11
CVE-2021-20227 (MEDIUM CVSS 5.5) | A flaw was found in SQLite's SELECT | cvebase.io