CVE-2020-13434

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 25-05-2020 12:15

Last modified: - 12-05-2022 05:00

Total changes: - 4

Description

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

5.5

Base score

1.8

3.6

Exploitability score

Impact score

Verification logic

vendor=sqlite AND product=sqlite AND versionEndIncluding=3.32.0

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=fedoraproject AND product=fedora AND version=32

vendor=canonical AND product=ubuntu_linux AND version=18.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=19.10

vendor=canonical AND product=ubuntu_linux AND version=20.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=esm

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p1

vendor=freebsd AND product=freebsd AND version=12.0 AND update=-

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p3

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p2

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p4

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p5

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p6

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p8

vendor=freebsd AND product=freebsd AND version=12.1 AND update=p1

vendor=freebsd AND product=freebsd AND version=12.1 AND update=-

vendor=freebsd AND product=freebsd AND versionStartIncluding=11.0 AND versionEndExcluding=11.4

vendor=freebsd AND product=freebsd AND version=11.4 AND update=-

vendor=freebsd AND product=freebsd AND version=11.4 AND update=p1

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p10

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p11

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p12

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p7

vendor=freebsd AND product=freebsd AND version=12.0 AND update=p9

vendor=freebsd AND product=freebsd AND version=12.1 AND update=p2

vendor=freebsd AND product=freebsd AND version=12.1 AND update=p3

vendor=freebsd AND product=freebsd AND version=12.1 AND update=p4

vendor=freebsd AND product=freebsd AND version=12.1 AND update=p5

vendor=freebsd AND product=freebsd AND version=12.1 AND update=p6

vendor=freebsd AND product=freebsd AND version=12.1 AND update=p7

vendor=oracle AND product=outside_in_technology AND version=8.5.5

vendor=oracle AND product=communications_network_charging_and_control AND version=6.0.1

vendor=oracle AND product=communications_network_charging_and_control AND versionEndIncluding=12.0.3 AND versionStartIncluding=12.0.0

vendor=oracle AND product=communications_cloud_native_core_policy AND version=1.14.0

vendor=apple AND product=ipad_os AND versionEndExcluding=14.0

vendor=apple AND product=iphone_os AND versionEndExcluding=14.0

vendor=apple AND product=watchos AND versionEndExcluding=7.0

vendor=apple AND product=tvos AND versionEndExcluding=14.0

vendor=apple AND product=icloud AND target_software=windows AND versionEndExcluding=11.5

vendor=apple AND product=itunes AND target_software=windows AND versionEndExcluding=12.10.9

vendor=apple AND product=macos AND versionStartIncluding=11.0 AND versionEndExcluding=11.0.1

Reference

https://www.sqlite.org/src/info/23439ea582241138
https://www.sqlite.org/src/info/d08d3405878d394e
[debian-lts-announce] 20200526 [SECURITY] [DLA 2221-1] sqlite3-Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20200528-0004/
FEDORA-2020-0477f8840e-Mailing List, Third Party Advisory
USN-4394-1-Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
GLSA-202007-26-Third Party Advisory
FreeBSD-SA-20:22-Third Party Advisory
[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update-Mailing List, Third Party Advisory
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT211844
https://support.apple.com/kb/HT211850
https://support.apple.com/kb/HT211843
https://support.apple.com/kb/HT211952
20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0-Mailing List, Third Party Advisory
20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0-Mailing List, Third Party Advisory
20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0-Mailing List, Third Party Advisory
https://support.apple.com/kb/HT211935
20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2020-13434

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-13434

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures