First published: Wed Feb 03 2021
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
SQLite SQLite | >=3.33.0, <3.34.1 | |
Oracle Communications Network Charging And Control | >=12.0.1.0, <=12.0.4.0.0 | |
Oracle Communications Network Charging And Control | =6.0.1 | |
Oracle Enterprise Manager For Oracle Database | =13.4.0.0 | |
Oracle Jd Edwards Enterpriseone Tools | <9.2.6.0 | |
Oracle Mysql Workbench | <=8.0.26 | |
Oracle Outside In Technology | =8.5.5 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
redhat/sqlite | <3.34.1 | 3.34.1 |
IBM Pub | <=7.0.1 | |
IBM Pub | <=7.0.2 | |
IBM Pub | <=7.0 | |
IBM Engineering Requirements Quality Assistant On-Premises | <=All | |
IBM DOORS Next | <=7.0.2 | |
IBM DOORS Next | <=7.0 | |
IBM DOORS Next | <=7.0.1 | |
IBM CLM | <=6.0.6.1 | |
IBM CLM | <=6.0.6 | |
IBM ELM | <=7.0.2 | |
IBM ELM | <=7.0 | |
IBM ELM | <=7.0.1 | |
IBM EWM | <=7.0.2 | |
IBM EWM | <=7.0.1 | |
IBM RTC | <=6.0.6.1 | |
IBM EWM | <=7.0 | |
IBM RTC | <=6.0.6 | |
The vulnerability ID for this SQLite vulnerability is CVE-2021-20227.
CVE-2021-20227 has a severity rating of 5.5 (Medium).
CVE-2021-20227 in SQLite allows an attacker running SQL queries locally on the database to cause a denial of service or possible code execution.
SQLite versions up to, but not including, 3.34.1 are affected by CVE-2021-20227.
The remedy for CVE-2021-20227 is to update to SQLite version 3.34.1.