Vulnerability Details : CVE-2020-13630
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Vulnerability category: Memory Corruption
Products affected by CVE-2020-13630
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
- Oracle » Communications Network Charging And ControlVersions from including (>=) 12.0.0 and up to, including, (<=) 12.0.3cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
- cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13630
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-13630
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2020-13630
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13630
-
http://seclists.org/fulldisclosure/2020/Dec/32
Full Disclosure: APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1Mailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
[SECURITY] Fedora 32 Update: sqlite-3.32.1-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
Inloggen - Google AccountsPermissions Required;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Third Party Advisory
-
https://support.apple.com/kb/HT211844
Release Notes;Third Party Advisory
-
https://sqlite.org/src/info/0d69f76f0865f962
SQLite: Check-in [0d69f76f]Patch;Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20200608-0002/
June 2020 SQLite Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://seclists.org/fulldisclosure/2020/Nov/22
Full Disclosure: APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0Mailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
[SECURITY] [DLA 2340-1] sqlite3 security updateThird Party Advisory
-
https://usn.ubuntu.com/4394-1/
USN-4394-1: SQLite vulnerabilities | Ubuntu security noticesPatch;Third Party Advisory
-
https://support.apple.com/kb/HT211850
About the security content of iOS 14.0 and iPadOS 14.0 - Apple SupportRelease Notes;Third Party Advisory
-
https://support.apple.com/kb/HT211952
About the security content of iTunes 12.10.9 for Windows - Apple SupportRelease Notes;Third Party Advisory
-
https://support.apple.com/kb/HT211843
About the security content of tvOS 14.0 - Apple SupportRelease Notes;Third Party Advisory
-
https://support.apple.com/kb/HT211931
About the security content of macOS Big Sur 11.0.1 - Apple SupportRelease Notes;Third Party Advisory
-
http://seclists.org/fulldisclosure/2020/Nov/20
Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT211935
About the security content of iCloud for Windows 11.5 - Apple SupportRelease Notes;Third Party Advisory
-
https://security.gentoo.org/glsa/202007-26
SQLite: Multiple vulnerabilities (GLSA 202007-26) — Gentoo securityThird Party Advisory
-
http://seclists.org/fulldisclosure/2020/Nov/19
Full Disclosure: APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0Mailing List;Third Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
Mitigation;Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Patch;Third Party Advisory
Jump to