CVE-2021-36690
published 2021-08-24CVE-2021-36690: A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 16.0 | 16.0 |
| apple | macos | < 13.0 | 13.0 |
| apple | macos_ventura | — | — |
| apple | tvos | < 16.0 | 16.0 |
| apple | tvos | — | — |
| apple | watchos | < 9.0 | 9.0 |
| apple | watchos_9 | — | — |
| debian | sqlite3 | < sqlite3 3.36.0-2 (bookworm) | sqlite3 3.36.0-2 (bookworm) |
| ghost | sqlite3 | >= 0 < 3.34.1-3+deb11u1 | 3.34.1-3+deb11u1 |
| ghost | sqlite3 | >= 0 < 3.36.0-2 | 3.36.0-2 |
| ghost | sqlite3 | >= 0 < 3.36.0-2 | 3.36.0-2 |
| ghost | sqlite3 | >= 0 < 3.36.0-2 | 3.36.0-2 |
| msrc | cbl2_sqlite_3.36.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
| sqlite | sqlite | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH