CVE-2020-13871: SQL Injection
First published: Sat Jun 06 2020(Updated: )
SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Data Risk Manager | <=2.0.6 | |
| SQLite SQLite | =3.32.2 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =9.0 | |
| Oracle Communications Messaging Server | =8.1 | |
| Oracle Communications Network Charging And Control | =6.0.1 | |
| Oracle Communications Network Charging And Control | =12.0.2 | |
| Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
| Oracle Hyperion Infrastructure Technology | =11.1.2.4 | |
| Oracle Mysql Workbench | <=8.0.22 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
| Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
| Netapp Cloud Backup | ||
| NetApp ONTAP Select Deploy administration utility | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://android.googlesource.com/platform/external/sqlite/+/84500124e617d2548c2b2374eb84a3e0ea8884d1
- https://source.android.com/docs/security/bulletin/2021-11-01 (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/183370
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/
- https://security.gentoo.org/glsa/202007-26
- https://security.netapp.com/advisory/ntap-20200619-0002/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.sqlite.org/src/info/79eff1d0383179c4
- https://www.sqlite.org/src/info/c8d3b9f0a750a529
- https://www.sqlite.org/src/info/cd708fa84d2aaaea
Frequently Asked Questions
What is the vulnerability ID for this SQLite vulnerability?
The vulnerability ID for this SQLite vulnerability is CVE-2020-13871.
What is the severity of CVE-2020-13871?
The severity of CVE-2020-13871 is high.
Which software products are affected by CVE-2020-13871?
The software products affected by CVE-2020-13871 are Google Android, IBM Data Risk Manager, SQLite, Fedoraproject Fedora, Debian Debian Linux, Oracle Communications Messaging Server, Oracle Communications Network Charging And Control, Oracle Enterprise Manager Ops Center, Oracle Hyperion Infrastructure Technology, Oracle Mysql Workbench, Oracle ZFS Storage Appliance Kit, Siemens Sinec Infrastructure Network Services, Netapp Cloud Backup, and NetApp ONTAP Select Deploy administration utility.
How can the CVE-2020-13871 vulnerability be exploited?
The CVE-2020-13871 vulnerability can be exploited by sending a specially crafted request to the vulnerable SQLite version.
Are there any patches available for CVE-2020-13871?
Yes, patches are available for some of the affected software products. Please refer to the respective vendor's website for patch information.
- collector/ibm-support
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/description
- agent/author
- agent/severity
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- vendor/sqlite
- canonical/sqlite sqlite
- version/sqlite sqlite/3.32.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/oracle
- canonical/oracle communications messaging server
- version/oracle communications messaging server/8.1
- canonical/oracle communications network charging and control
- version/oracle communications network charging and control/6.0.1
- version/oracle communications network charging and control/12.0.2
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.4.0.0
- canonical/oracle hyperion infrastructure technology
- version/oracle hyperion infrastructure technology/11.1.2.4
- canonical/oracle mysql workbench
- version/oracle mysql workbench/8.0.22
- canonical/oracle zfs storage appliance kit
- version/oracle zfs storage appliance kit/8.8
- vendor/siemens
- canonical/siemens sinec infrastructure network services
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp ontap select deploy administration utility
- vendor/google
- canonical/google android