First published: Fri Feb 21 2020(Updated: )
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SQLite SQLite | =3.31.1 | |
Netapp Cloud Backup | ||
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
Oracle Communications Network Charging And Control | >=12.0.0<=12.0.3 | |
Oracle Communications Network Charging And Control | =6.0.1 | |
Oracle Communications Network Charging And Control | =12.0.2 | |
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle Hyperion Infrastructure Technology | =11.1.2.4 | |
Oracle Mysql Workbench | <=8.0.22 | |
Oracle Outside In Technology | =8.5.4 | |
Oracle Outside In Technology | =8.5.5 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
Oracle Communications Messaging Server | =8.1 | |
ubuntu/sqlite3 | <3.22.0-1ubuntu0.3 | 3.22.0-1ubuntu0.3 |
ubuntu/sqlite3 | <3.29.0-2ubuntu0.2 | 3.29.0-2ubuntu0.2 |
ubuntu/sqlite3 | <3.31.1-3 | 3.31.1-3 |
debian/sqlite | 2.8.17-15 2.8.17-15+deb10u1 | |
debian/sqlite3 | 3.27.2-3+deb10u1 3.27.2-3+deb10u2 3.34.1-3 3.40.1-2 3.45.3-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9327 is a vulnerability in SQLite 3.31.1 that allows attackers to trigger a NULL pointer dereference and segmentation fault.
The severity of CVE-2020-9327 is high with a severity value of 7.5.
CVE-2020-9327 affects SQLite 3.22.0-1ubuntu0.3, 3.29.0-2ubuntu0.2, 3.31.1-3, and other versions.
To fix CVE-2020-9327, update to a version of SQLite that is not affected by the vulnerability.
You can find more information about CVE-2020-9327 on the CERT-Portal Siemens, Gentoo Security, and Netapp Security websites.