First published: Wed Feb 03 2021
SQLite 3.34.1 fixes a potential use-after-free bug when processing a subquery with both a correlated WHERE clause and a "HAVING 0" clause and where the parent query is an aggregate. References: https://sqlite.org/src/info/30a4c323650cc949 https://www.sqlite.org/releaselog/3_34_1.html
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/sqlite | <3.34.1 | 3.34.1 |
IBM DRM | <=2.0.6 | |
SQLite SQLite | >=3.33.0 <3.34.1 | |
Oracle Communications Network Charging And Control | >=12.0.1.0 <=12.0.4.0.0 | |
Oracle Communications Network Charging And Control | =6.0.1 | |
Oracle Enterprise Manager For Oracle Database | =13.4.0.0 | |
Oracle Jd Edwards Enterpriseone Tools | <9.2.6.0 | |
Oracle Mysql Workbench | <=8.0.26 | |
Oracle Outside In Technology | =8.5.5 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
The vulnerability ID for this SQLite vulnerability is CVE-2021-20227.
CVE-2021-20227 has a severity rating of 5.5 (Medium).
CVE-2021-20227 in SQLite allows an attacker who can run SQL queries locally on the database to cause a denial of service or possibly execute code.
SQLite versions before 3.34.1 are affected by CVE-2021-20227.
The remedy for CVE-2021-20227 is to update to SQLite version 3.34.1.