Vulnerability Details : CVE-2020-13630

CVE Name: CVE-2020-13630: Other vulnerability on Sqlite Sqlite, Fedoraproject Fedora, Canonical Ubuntu Linux, Netapp Cloud Backup, Netapp Solidfire, Enterprise Sds & Hci Storage Node, Brocade Fabric Operating System, Netapp Hci Compute Node Firmware, Netapp Hci Compute Node, Debian Debian Linux, Siemens Sinec Infrastructure Network Services, Apple Iphone Os, Apple Watchos, Apple Tvos, Apple Ipados, Apple Icloud, Apple Itunes, Apple Macos, Oracle Outside In Technology, Oracle Communications Network Charging And Control, Oracle Zfs Storage Appliance Kit
Description: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Publish date: 2020-05-27T15:15Z
Last Update: 2022-05-13T20:56Z

CVSS Scores & Vulnerability Types

CVSS Score
7.0
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH
Actack VectorLOCAL
Actack ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Vulnerability Type(s)Other
CWE ID416

Products Affected By CVE-2020-13630

Detail of Verions Affected

# Product Type Vendor Product Version
1 Application Sqlite Sqlite *
2 Operating System Fedoraproject Fedora 32
3 Operating System Canonical Ubuntu Linux 18.04 Lts
4 Operating System Canonical Ubuntu Linux 19.10
5 Operating System Canonical Ubuntu Linux 20.04 Lts
6 Operating System Canonical Ubuntu Linux 16.04 Esm
7 Application Netapp Cloud Backup
8 Application Netapp Solidfire, Enterprise Sds & Hci Storage Node
9 Operating System Brocade Fabric Operating System
10 Operating System Netapp Hci Compute Node Firmware
11 Hardware Netapp Hci Compute Node
12 Operating System Debian Debian Linux 9.0
13 Application Siemens Sinec Infrastructure Network Services *
14 Operating System Apple Iphone Os *
15 Operating System Apple Watchos *
16 Operating System Apple Tvos *
17 Operating System Apple Ipados *
18 Application Apple Icloud * Windows
19 Application Apple Itunes * Windows
20 Operating System Apple Macos *
21 Application Oracle Outside In Technology 8.5.4
22 Application Oracle Outside In Technology 8.5.5
23 Application Oracle Communications Network Charging And Control 6.0.1
24 Application Oracle Communications Network Charging And Control *
25 Application Oracle Zfs Storage Appliance Kit 8.8

References For CVE-2020-13630

Hyperlink Resource
https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 Permissions Required, Third Party Advisory
https://sqlite.org/src/info/0d69f76f0865f962 Patch, Vendor Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20200608-0002/ Third Party Advisory
https://usn.ubuntu.com/4394-1/ Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory
https://security.gentoo.org/glsa/202007-26 Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc Mitigation, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory
https://support.apple.com/kb/HT211931 Release Notes, Third Party Advisory
https://support.apple.com/kb/HT211844 Release Notes, Third Party Advisory
https://support.apple.com/kb/HT211850 Release Notes, Third Party Advisory
https://support.apple.com/kb/HT211843 Release Notes, Third Party Advisory
https://support.apple.com/kb/HT211952 Release Notes, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Nov/19 Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Nov/22 Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Nov/20 Mailing List, Third Party Advisory
https://support.apple.com/kb/HT211935 Release Notes, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Dec/32 Mailing List, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory