Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Published

2020-05-24T22:15:10.397

Last Modified

2024-11-21T05:01:15.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sqlite	sqlite	≤ 3.32.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	19.10	Yes
Operating System	canonical	ubuntu_linux	20.04	Yes
Operating System	freebsd	freebsd	< 11.4	Yes
Operating System	freebsd	freebsd	11.4	Yes
Operating System	freebsd	freebsd	11.4	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.0	Yes
Operating System	freebsd	freebsd	12.1	Yes
Operating System	freebsd	freebsd	12.1	Yes
Operating System	freebsd	freebsd	12.1	Yes
Operating System	freebsd	freebsd	12.1	Yes
Operating System	freebsd	freebsd	12.1	Yes
Operating System	freebsd	freebsd	12.1	Yes
Operating System	freebsd	freebsd	12.1	Yes
Operating System	freebsd	freebsd	12.1	Yes
Application	oracle	communications_cloud_native_core_policy	1.14.0	Yes
Application	oracle	communications_network_charging_and_control	≤ 12.0.3	Yes
Application	oracle	communications_network_charging_and_control	6.0.1	Yes
Application	oracle	outside_in_technology	8.5.5	Yes
Application	apple	icloud	< 11.5	Yes
Application	apple	itunes	< 12.10.9	Yes
Operating System	apple	ipados	< 14.0	Yes
Operating System	apple	iphone_os	< 14.0	Yes
Operating System	apple	macos	< 11.0.1	Yes
Operating System	apple	tvos	< 14.0	Yes
Operating System	apple	watchos	< 7.0	Yes

References

http://seclists.org/fulldisclosure/2020/Dec/32 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2020/Nov/19 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2020/Nov/20 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2020/Nov/22 Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202007-26 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20200528-0004/ Third Party Advisory ([email protected])
https://support.apple.com/kb/HT211843 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT211844 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT211850 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT211931 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT211935 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT211952 Third Party Advisory ([email protected])
https://usn.ubuntu.com/4394-1/ Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2020.html Patch, Third Party Advisory ([email protected])
https://www.sqlite.org/src/info/23439ea582241138 Exploit, Patch, Vendor Advisory ([email protected])
https://www.sqlite.org/src/info/d08d3405878d394e Patch, Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2020/Dec/32 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Nov/19 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Nov/20 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Nov/22 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202007-26 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20200528-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT211843 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT211844 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT211850 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT211931 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT211935 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT211952 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4394-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.sqlite.org/src/info/23439ea582241138 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.sqlite.org/src/info/d08d3405878d394e Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)