CVE-2020-13434: SQL Injection
First published: Sun May 24 2020(Updated: )
Last updated 24 July 2024
Credit: CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/sqlite | <3.32.1 | 3.32.1 |
| Apple macOS | <11.0.1 | 11.0.1 |
| tvOS | <14.0 | 14.0 |
| Apple iOS, iPadOS, and watchOS | <7.0 | 7.0 |
| Apple iCloud | <11.5 | 11.5 |
| IBM Security Verify Access OIDC Provider | <=10.0.0 | |
| iTunes | <12.10.9 | 12.10.9 |
| Apple iOS and iPadOS | <14.0 | 14.0 |
| Apple iOS, iPadOS, and macOS | <14.0 | 14.0 |
| SQLite | <=3.32.0 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Red Hat Fedora | =32 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 | |
| Ubuntu | =20.04 | |
| FreeBSD Kernel | >=11.0<11.4 | |
| FreeBSD Kernel | =11.4 | |
| FreeBSD Kernel | =11.4-p1 | |
| FreeBSD Kernel | =12.0 | |
| FreeBSD Kernel | =12.0-p1 | |
| FreeBSD Kernel | =12.0-p10 | |
| FreeBSD Kernel | =12.0-p11 | |
| FreeBSD Kernel | =12.0-p12 | |
| FreeBSD Kernel | =12.0-p2 | |
| FreeBSD Kernel | =12.0-p3 | |
| FreeBSD Kernel | =12.0-p4 | |
| FreeBSD Kernel | =12.0-p5 | |
| FreeBSD Kernel | =12.0-p6 | |
| FreeBSD Kernel | =12.0-p7 | |
| FreeBSD Kernel | =12.0-p8 | |
| FreeBSD Kernel | =12.0-p9 | |
| FreeBSD Kernel | =12.1 | |
| FreeBSD Kernel | =12.1-p1 | |
| FreeBSD Kernel | =12.1-p2 | |
| FreeBSD Kernel | =12.1-p3 | |
| FreeBSD Kernel | =12.1-p4 | |
| FreeBSD Kernel | =12.1-p5 | |
| FreeBSD Kernel | =12.1-p6 | |
| FreeBSD Kernel | =12.1-p7 | |
| Oracle Communications Cloud Native Core Policy | =1.14.0 | |
| Oracle Communications Network Charging and Control | >=12.0.0<=12.0.3 | |
| Oracle Communications Network Charging and Control | =6.0.1 | |
| Oracle Outside In Technology | =8.5.5 | |
| iCloud for Windows | <11.5 | |
| iTunes | <12.10.9 | |
| Apple iOS, iPadOS, and macOS | <14.0 | |
| iPhone OS | <14.0 | |
| macOS | >=11.0<11.0.1 | |
| tvOS | <14.0 | |
| Apple iOS, iPadOS, and watchOS | <7.0 | |
| debian/sqlite3 | 3.34.1-3 3.34.1-3+deb11u1 3.40.1-2+deb12u1 3.46.1-3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211952 (Advisory)
- https://support.apple.com/en-us/HT211935 (Advisory)
- https://www.sqlite.org/src/info/23439ea582241138
- https://www.sqlite.org/src/info/d08d3405878d394e
- https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html
- https://security.netapp.com/advisory/ntap-20200528-0004/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://usn.ubuntu.com/4394-1/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://security.gentoo.org/glsa/202007-26
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://support.apple.com/kb/HT211843
- https://support.apple.com/kb/HT211844
- https://support.apple.com/kb/HT211850
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT211952
- http://seclists.org/fulldisclosure/2020/Nov/20
- http://seclists.org/fulldisclosure/2020/Nov/19
- http://seclists.org/fulldisclosure/2020/Nov/22
- https://support.apple.com/kb/HT211935
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://launchpad.net/bugs/cve/CVE-2020-13434
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841225
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841227
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841224
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841226
- https://github.com/sqlite/sqlite/commit/a5c1416d64b4b857721f085258b6ef1dcaeb6f5b
- https://access.redhat.com/errata/RHSA-2021:1581
- https://access.redhat.com/security/cve/cve-2020-13434
- https://access.redhat.com/errata/RHSA-2021:1968
- https://bugzilla.redhat.com/show_bug.cgi?id=1841223
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/182405
- https://www.ibm.com/support/pages/node/6538418 (Advisory)
- https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
- https://security-tracker.debian.org/tracker/CVE-2020-13434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434
- https://nvd.nist.gov/vuln/detail/CVE-2020-13434
- https://ubuntu.com/security/CVE-2020-13434
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27945
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-9999
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-10002
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-9876
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-27920
- CVE-2020-27911
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-9849
- CVE-2020-15358
- CVE-2020-13631
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-9979
- CVE-2020-9954
- CVE-2020-36521
- CVE-2020-9961
- CVE-2020-9976
- CVE-2020-9981
- CVE-2020-9968
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-9952
- CVE-2020-10013
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9959
Frequently Asked Questions
What is CVE-2020-13434?
CVE-2020-13434 is a vulnerability in SQLite that was addressed with improved checks.
Which Apple products are affected by CVE-2020-13434?
CVE-2020-13434 affects Apple tvOS 14.0, Apple macOS Big Sur 11.0.1, Apple iOS 14.0, Apple iPadOS 14.0, Apple watchOS 7.0, Apple iTunes for Windows 12.10.9, and Apple iCloud for Windows 11.5.
How severe is CVE-2020-13434?
The severity of CVE-2020-13434 is not specified in the provided information.
How can I fix CVE-2020-13434?
To fix CVE-2020-13434, update your Apple product to the recommended remedy version mentioned in the affected software section.
Where can I find more information about CVE-2020-13434?
You can find more information about CVE-2020-13434 on the following Apple support pages: [link1], [link2], [link3].
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-13434
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/trending
- collector/apple-support
- alias/CVE-2020-13435
- alias/CVE-2020-9991
- agent/software-canonical-lookup-request
- agent/source
- agent/author
- collector/ibm-support
- source/IBM
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/apple
- canonical/apple macos
- canonical/tvos
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud
- vendor/ibm
- canonical/ibm security verify access oidc provider
- version/ibm security verify access oidc provider/10.0.0
- canonical/itunes
- canonical/apple ios and ipados
- canonical/apple ios, ipados, and macos
- vendor/sqlite
- canonical/sqlite
- version/sqlite/3.32.0
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/32
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10
- version/ubuntu/20.04
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/11.0
- version/freebsd kernel/11.4
- version/freebsd kernel/11.4-p1
- version/freebsd kernel/12.0
- version/freebsd kernel/12.0-p1
- version/freebsd kernel/12.0-p10
- version/freebsd kernel/12.0-p11
- version/freebsd kernel/12.0-p12
- version/freebsd kernel/12.0-p2
- version/freebsd kernel/12.0-p3
- version/freebsd kernel/12.0-p4
- version/freebsd kernel/12.0-p5
- version/freebsd kernel/12.0-p6
- version/freebsd kernel/12.0-p7
- version/freebsd kernel/12.0-p8
- version/freebsd kernel/12.0-p9
- version/freebsd kernel/12.1
- version/freebsd kernel/12.1-p1
- version/freebsd kernel/12.1-p2
- version/freebsd kernel/12.1-p3
- version/freebsd kernel/12.1-p4
- version/freebsd kernel/12.1-p5
- version/freebsd kernel/12.1-p6
- version/freebsd kernel/12.1-p7
- vendor/oracle
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- canonical/oracle communications network charging and control
- version/oracle communications network charging and control/12.0.0
- version/oracle communications network charging and control/12.0.3
- version/oracle communications network charging and control/6.0.1
- canonical/oracle outside in technology
- version/oracle outside in technology/8.5.5
- canonical/icloud for windows
- canonical/iphone os
- canonical/macos
- version/macos/11.0
- package-manager/debian