CVE-2020-13434: SQL Injection
First published: Sun May 24 2020(Updated: )
SQLite is vulnerable to a denial of service, caused by an integer overflow in the sqlite3_str_vappendf function. By sending a specially-crafted request, a remote attacker could overflow a buffer and cause a denial of service.
Credit: CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-13434 CVE-2020-13435 cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Verify Access | <=10.0.0 | |
| Apple iTunes for Windows | <12.10.9 | 12.10.9 |
| Apple iCloud for Windows | <11.5 | 11.5 |
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| Apple watchOS | <7.0 | 7.0 |
| Apple tvOS | <14.0 | 14.0 |
| redhat/sqlite | <3.32.1 | 3.32.1 |
| Apple iOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | 14.0 |
| ubuntu/sqlite3 | <3.22.0-1ubuntu0.4 | 3.22.0-1ubuntu0.4 |
| ubuntu/sqlite3 | <3.29.0-2ubuntu0.3 | 3.29.0-2ubuntu0.3 |
| ubuntu/sqlite3 | <3.31.1-4ubuntu0.1 | 3.31.1-4ubuntu0.1 |
| ubuntu/sqlite3 | <3.32.1-1 | 3.32.1-1 |
| ubuntu/sqlite3 | <3.11.0-1ubuntu1.5 | 3.11.0-1ubuntu1.5 |
| SQLite SQLite | <=3.32.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =32 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Canonical Ubuntu Linux | =20.04 | |
| FreeBSD FreeBSD | >=11.0<11.4 | |
| FreeBSD FreeBSD | =11.4 | |
| FreeBSD FreeBSD | =11.4-p1 | |
| FreeBSD FreeBSD | =12.0 | |
| FreeBSD FreeBSD | =12.0-p1 | |
| FreeBSD FreeBSD | =12.0-p10 | |
| FreeBSD FreeBSD | =12.0-p11 | |
| FreeBSD FreeBSD | =12.0-p12 | |
| FreeBSD FreeBSD | =12.0-p2 | |
| FreeBSD FreeBSD | =12.0-p3 | |
| FreeBSD FreeBSD | =12.0-p4 | |
| FreeBSD FreeBSD | =12.0-p5 | |
| FreeBSD FreeBSD | =12.0-p6 | |
| FreeBSD FreeBSD | =12.0-p7 | |
| FreeBSD FreeBSD | =12.0-p8 | |
| FreeBSD FreeBSD | =12.0-p9 | |
| FreeBSD FreeBSD | =12.1 | |
| FreeBSD FreeBSD | =12.1-p1 | |
| FreeBSD FreeBSD | =12.1-p2 | |
| FreeBSD FreeBSD | =12.1-p3 | |
| FreeBSD FreeBSD | =12.1-p4 | |
| FreeBSD FreeBSD | =12.1-p5 | |
| FreeBSD FreeBSD | =12.1-p6 | |
| FreeBSD FreeBSD | =12.1-p7 | |
| Oracle Communications Cloud Native Core Policy | =1.14.0 | |
| Oracle Communications Network Charging And Control | >=12.0.0<=12.0.3 | |
| Oracle Communications Network Charging And Control | =6.0.1 | |
| Oracle Outside In Technology | =8.5.5 | |
| Apple Icloud Windows | <11.5 | |
| Apple Itunes Windows | <12.10.9 | |
| Apple iPadOS | <14.0 | |
| Apple iPhone OS | <14.0 | |
| Apple macOS | >=11.0<11.0.1 | |
| Apple tvOS | <14.0 | |
| Apple watchOS | <7.0 | |
| debian/sqlite | 2.8.17-15 2.8.17-15+deb10u1 | |
| debian/sqlite3 | 3.27.2-3+deb10u1 3.27.2-3+deb10u2 3.34.1-3 3.40.1-2 3.45.3-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/182405
- https://www.ibm.com/support/pages/node/6538418 (Advisory)
- https://support.apple.com/en-us/HT211952 (Advisory)
- https://support.apple.com/en-us/HT211935 (Advisory)
- https://www.sqlite.org/src/info/23439ea582241138
- https://www.sqlite.org/src/info/d08d3405878d394e
- https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html
- https://security.netapp.com/advisory/ntap-20200528-0004/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://usn.ubuntu.com/4394-1/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://security.gentoo.org/glsa/202007-26
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://support.apple.com/kb/HT211843
- https://support.apple.com/kb/HT211844
- https://support.apple.com/kb/HT211850
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT211952
- http://seclists.org/fulldisclosure/2020/Nov/20
- http://seclists.org/fulldisclosure/2020/Nov/19
- http://seclists.org/fulldisclosure/2020/Nov/22
- https://support.apple.com/kb/HT211935
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://launchpad.net/bugs/cve/CVE-2020-13434
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841225
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841227
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841224
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841226
- https://github.com/sqlite/sqlite/commit/a5c1416d64b4b857721f085258b6ef1dcaeb6f5b
- https://access.redhat.com/errata/RHSA-2021:1581
- https://access.redhat.com/security/cve/cve-2020-13434
- https://access.redhat.com/errata/RHSA-2021:1968
- https://bugzilla.redhat.com/show_bug.cgi?id=1841223
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
- https://security-tracker.debian.org/tracker/CVE-2020-13434
- https://ubuntu.com/security/notices/USN-4394-1
- https://www.cve.org/CVERecord?id=CVE-2020-13434
- https://nvd.nist.gov/vuln/detail/CVE-2020-13434
- https://ubuntu.com/security/CVE-2020-13434
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9999
- CVE-2020-9961
- CVE-2020-9876
- CVE-2020-36521
- CVE-2020-9981
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-13631
- CVE-2020-9849
- CVE-2020-9947
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-10002
- CVE-2020-27912
- CVE-2020-27917
- CVE-2020-27911
- CVE-2020-27918
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27945
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27923
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27920
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-15358
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-9950
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-9954
- CVE-2020-9976
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9968
- CVE-2020-9952
- CVE-2020-9979
- CVE-2020-10013
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9959
Frequently Asked Questions
What is CVE-2020-13434?
CVE-2020-13434 is a vulnerability in SQLite that was addressed with improved checks.
Which Apple products are affected by CVE-2020-13434?
CVE-2020-13434 affects Apple tvOS 14.0, Apple macOS Big Sur 11.0.1, Apple iOS 14.0, Apple iPadOS 14.0, Apple watchOS 7.0, Apple iTunes for Windows 12.10.9, and Apple iCloud for Windows 11.5.
How severe is CVE-2020-13434?
The severity of CVE-2020-13434 is not specified in the provided information.
How can I fix CVE-2020-13434?
To fix CVE-2020-13434, update your Apple product to the recommended remedy version mentioned in the affected software section.
Where can I find more information about CVE-2020-13434?
You can find more information about CVE-2020-13434 on the following Apple support pages: [link1], [link2], [link3].
- collector/ibm-support
- collector/apple-support
- alias/CVE-2020-13435
- agent/first-publish-date
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/type
- alias/CVE-2020-9991
- agent/software-canonical-lookup-request
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-13434
- agent/software-canonical-lookup
- agent/description
- collector/usn-cve
- source/Ubuntu
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- vendor/ibm
- canonical/ibm security verify access
- version/ibm security verify access/10.0.0
- vendor/apple
- canonical/apple itunes for windows
- canonical/apple icloud for windows
- canonical/apple macos big sur
- canonical/apple watchos
- canonical/apple tvos
- package-manager/redhat
- canonical/apple ios
- canonical/apple ipados
- package-manager/ubuntu
- package-manager/debian
- vendor/sqlite
- canonical/sqlite sqlite
- version/sqlite sqlite/3.32.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- version/canonical ubuntu linux/20.04
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/11.0
- version/freebsd freebsd/11.4
- version/freebsd freebsd/11.4-p1
- version/freebsd freebsd/12.0
- version/freebsd freebsd/12.0-p1
- version/freebsd freebsd/12.0-p10
- version/freebsd freebsd/12.0-p11
- version/freebsd freebsd/12.0-p12
- version/freebsd freebsd/12.0-p2
- version/freebsd freebsd/12.0-p3
- version/freebsd freebsd/12.0-p4
- version/freebsd freebsd/12.0-p5
- version/freebsd freebsd/12.0-p6
- version/freebsd freebsd/12.0-p7
- version/freebsd freebsd/12.0-p8
- version/freebsd freebsd/12.0-p9
- version/freebsd freebsd/12.1
- version/freebsd freebsd/12.1-p1
- version/freebsd freebsd/12.1-p2
- version/freebsd freebsd/12.1-p3
- version/freebsd freebsd/12.1-p4
- version/freebsd freebsd/12.1-p5
- version/freebsd freebsd/12.1-p6
- version/freebsd freebsd/12.1-p7
- vendor/oracle
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- canonical/oracle communications network charging and control
- version/oracle communications network charging and control/12.0.0
- version/oracle communications network charging and control/12.0.3
- version/oracle communications network charging and control/6.0.1
- canonical/oracle outside in technology
- version/oracle outside in technology/8.5.5
- canonical/apple icloud windows
- canonical/apple itunes windows
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/11.0