CVE-2020-13435: SQL Injection
First published: Sun May 24 2020(Updated: )
SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
Credit: CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 CVE-2020-13434 CVE-2020-13435 CVE-2020-13434 CVE-2020-13435 cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SQLite SQLite | <=3.32.0 | |
| Fedoraproject Fedora | =32 | |
| Apple iTunes for Windows | <12.10.9 | 12.10.9 |
| Apple iCloud for Windows | <11.5 | 11.5 |
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| Apple watchOS | <7.0 | 7.0 |
| Apple tvOS | <14.0 | 14.0 |
| redhat/sqlite | <3.32.1 | 3.32.1 |
| Apple iOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | 14.0 |
| ubuntu/sqlite3 | <3.29.0-2ubuntu0.3 | 3.29.0-2ubuntu0.3 |
| ubuntu/sqlite3 | <3.31.1-4ubuntu0.1 | 3.31.1-4ubuntu0.1 |
| ubuntu/sqlite3 | <3.32.1-1 | 3.32.1-1 |
| debian/sqlite | 2.8.17-15 2.8.17-15+deb10u1 | |
| debian/sqlite3 | 3.27.2-3+deb10u1 3.27.2-3+deb10u2 3.34.1-3 3.40.1-2 3.45.3-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2020/Dec/32
- http://seclists.org/fulldisclosure/2020/Nov/19
- http://seclists.org/fulldisclosure/2020/Nov/20
- http://seclists.org/fulldisclosure/2020/Nov/22
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
- https://security.gentoo.org/glsa/202007-26
- https://security.netapp.com/advisory/ntap-20200528-0004/
- https://support.apple.com/kb/HT211843
- https://support.apple.com/kb/HT211844
- https://support.apple.com/kb/HT211850
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT211935
- https://support.apple.com/kb/HT211952
- https://usn.ubuntu.com/4394-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.sqlite.org/src/info/7a5279a25c57adf1
- https://support.apple.com/en-us/HT211952 (Advisory)
- https://support.apple.com/en-us/HT211935 (Advisory)
- https://launchpad.net/bugs/cve/CVE-2020-13435
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841233
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841235
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841232
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1841234
- https://www.sqlite.org/src/info/ad7bb70af9bb68d1
- https://access.redhat.com/errata/RHSA-2021:4396
- https://bugzilla.redhat.com/show_bug.cgi?id=1841231
- https://support.apple.com/en-us/HT211850 (Advisory)
- https://www.sqlite.org/src/info/572105de1d44bca4
- https://security-tracker.debian.org/tracker/CVE-2020-13435
- https://ubuntu.com/security/notices/USN-4394-1
- https://www.cve.org/CVERecord?id=CVE-2020-13435
- https://nvd.nist.gov/vuln/detail/CVE-2020-13435
- https://github.com/sqlite/sqlite/commit/c37577bb2dfb602a5cdbba8322a01b548c34c185
- https://github.com/sqlite/sqlite/commit/0934d640456bb168a8888ae388643c5160afe501
- https://ubuntu.com/security/CVE-2020-13435
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9999
- CVE-2020-9961
- CVE-2020-9876
- CVE-2020-36521
- CVE-2020-9981
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-13631
- CVE-2020-9849
- CVE-2020-9947
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-10002
- CVE-2020-27912
- CVE-2020-27917
- CVE-2020-27911
- CVE-2020-27918
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27945
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-27937
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27923
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2020-27904
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27920
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-15358
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-9950
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
- CVE-2020-9954
- CVE-2020-9976
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9968
- CVE-2020-9952
- CVE-2020-9979
- CVE-2020-10013
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2020-13520
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9973
- CVE-2020-9959
Frequently Asked Questions
What is CVE-2020-13435?
CVE-2020-13435 is a vulnerability in SQLite that was addressed with improved checks.
Which software products are affected by CVE-2020-13435?
The following Apple software products are affected: tvOS (up to version 14.0), macOS Big Sur (up to version 11.0.1), iOS (up to version 14.0), iPadOS (up to version 14.0), watchOS (up to version 7.0), iTunes for Windows (up to version 12.10.9), and iCloud for Windows (up to version 11.5).
Where can I find more information about CVE-2020-13435?
You can find more information about CVE-2020-13435 on the Apple support website. Here are the reference links: [1](https://support.apple.com/en-us/HT211952), [2](https://support.apple.com/en-us/HT211850), [3](https://support.apple.com/en-us/HT211843).
What is the severity of CVE-2020-13435?
The severity of CVE-2020-13435 is not specified in the provided information.
How do I fix CVE-2020-13435?
To fix CVE-2020-13435, you should update the affected software to the latest available version.
- collector/nvd-index
- collector/apple-support
- alias/CVE-2020-13435
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/last-modified-date
- alias/CVE-2020-9991
- agent/software-canonical-lookup-request
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- agent/description
- agent/event
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/tags
- vendor/sqlite
- canonical/sqlite sqlite
- version/sqlite sqlite/3.32.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- vendor/apple
- canonical/apple itunes for windows
- canonical/apple icloud for windows
- canonical/apple macos big sur
- canonical/apple watchos
- canonical/apple tvos
- package-manager/redhat
- canonical/apple ios
- canonical/apple ipados
- package-manager/ubuntu
- package-manager/debian