← Back

CVE-2020-13630

nvd nist
Published: May 27, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Affected (24)

Products: Sqlite: Sqlite · Fedoraproject: Fedora · Canonical: Ubuntu Linux · +6 more
Show all products
Sqlite: Sqlite · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Netapp: Cloud Backup, Solidfire, Enterprise Sds & Hci Storage Node, Hci Compute Node Firmware · Brocade: Fabric Operating System · Debian: Debian Linux · Siemens: Sinec Infrastructure Network Services · Apple: Icloud, Ipados, Iphone Os, Itunes, Macos, Tvos, Watchos · Oracle: Communications Network Charging And Control, Outside In Technology, Zfs Storage Appliance Kit
Sqlite
1 product
Sqlite
Fedoraproject
1 product
Fedora
Canonical
1 product
Ubuntu Linux
Netapp
3 products
Cloud Backup
Solidfire, Enterprise Sds & Hci Storage Node
Hci Compute Node Firmware
Brocade
1 product
Fabric Operating System
Debian
1 product
Debian Linux
Siemens
1 product
Sinec Infrastructure Network Services
Apple
7 products
Icloud
Ipados
Iphone Os
Itunes
Macos
Tvos
Watchos
Oracle
3 products
Communications Network Charging And Control
Outside In Technology
Zfs Storage Appliance Kit
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Sqlite
Before 3.32.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 32
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.10
Ubuntu Linux
Version 20.04
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Cloud Backup
All versions
Solidfire, Enterprise Sds & Hci Storage Node
All versions
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Fabric Operating System
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hci Compute Node Firmware
All versions
Running on/withPlatform Versions
Netapp
Hci Compute Node
All versions
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Sinec Infrastructure Network Services
Before 1.0.1.1
Configuration I
7 vulnerable
Vulnerable SoftwareAffected Versions
Icloud
Before 11.5
Ipados
Before 14.0
Iphone Os
Before 14.0
Itunes
Before 12.10.9
Macos
Before 11.0.1
Tvos
Before 14.0
Watchos
Before 7.0
Configuration J
5 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Communications Network Charging And Control
From 12.0.0 to 12.0.3
Communications Network Charging And Control
Version 6.0.1
Oracle
Outside In Technology
Version 8.5.4
Outside In Technology
Version 8.5.5
Zfs Storage Appliance Kit
Version 8.8

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (42)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Permissions RequiredThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
MitigationThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.