CVE-2021-36690 : A segmentation fault can occur in the sqlite3.exe command-line component of SQLi

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

Published 2021-08-24 14:15:10

Updated 2024-08-04 01:15:46

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2021-36690

Apple » Iphone Os
Versions before (<) 16.0
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos
Versions before (<) 9.0
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions before (<) 16.0
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions before (<) 13.0
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Oracle » Zfs Storage Appliance Kit » Version: 8.8
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Matching versions
Sqlite » Sqlite » Version: 3.36.0
cpe:2.3:a:sqlite:sqlite:3.36.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-36690

EPSS FAQ

0.82%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-36690

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2021-36690

https://support.apple.com/kb/HT213488

About the security content of macOS Ventura 13 - Apple Support
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Oct/47

Full Disclosure: APPLE-SA-2022-10-27-11 tvOS 16
Mailing List;Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT213486

About the security content of watchOS 9 - Apple Support
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Oct/41

Full Disclosure: APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
Mailing List;Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT213446

About the security content of iOS 16 - Apple Support
Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT213487

About the security content of tvOS 16 - Apple Support
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Oct/28

Full Disclosure: APPLE-SA-2022-10-24-2 macOS Ventura 13
Mailing List;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Oct/39

Full Disclosure: APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.sqlite.org/forum/forumpost/718c0a8d17

SQLite Forum: Segmentation fault in idxGetTableInfo
Exploit;Patch;Vendor Advisory
http://seclists.org/fulldisclosure/2022/Oct/49

Full Disclosure: APPLE-SA-2022-10-27-13 watchOS 9
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-36690

Products affected by CVE-2021-36690

Exploit prediction scoring system (EPSS) score for CVE-2021-36690

CVSS scores for CVE-2021-36690

References for CVE-2021-36690