CVE-2021-20227: A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the…

medium5.5CVSS 3.1

AVLACLPRLUINSUCNINAH

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

Affected

22 ranges

Vendor	Product	Version range	Fixed in
debian	sqlite3	< sqlite3 3.34.1-1 (bookworm)	sqlite3 3.34.1-1 (bookworm)
ghost	sqlite3	>= 0 < 3.34.1-1	3.34.1-1
ghost	sqlite3	>= 0 < 3.34.1-1	3.34.1-1
ghost	sqlite3	>= 0 < 3.34.1-1	3.34.1-1
ghost	sqlite3	>= 0 < 3.34.1-1	3.34.1-1
msrc	sqlite-3.34.1-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm	—	—
msrc	sqlite-3.34.1-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64	—	—
msrc	sqlite-debuginfo-3.34.1-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm	—	—
msrc	sqlite-debuginfo-3.34.1-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64	—	—
msrc	sqlite-devel-3.34.1-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm	—	—
msrc	sqlite-devel-3.34.1-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64	—	—
msrc	sqlite-libs-3.34.1-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm	—	—
msrc	sqlite-libs-3.34.1-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64	—	—
oracle	communications_network_charging_and_control	—	—
oracle	communications_network_charging_and_control	12.0.1.0 – 12.0.4.0.0	—
oracle	enterprise_manager_for_oracle_database	—	—
oracle	jd_edwards_enterpriseone_tools	< 9.2.6.0	9.2.6.0
oracle	mysql_workbench	<= 8.0.26	—
oracle	outside_in_technology	—	—
oracle	zfs_storage_appliance_kit	—	—
sqlite	sqlite	—	—
sqlite	sqlite	>= 3.33.0 < 3.34.1	3.34.1

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

osv5.5MEDIUM