CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
sqlitesqlite
𝑥
< 3.32.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
canonicalubuntu_linux
20.04
netappcloud_backup
-
netappsolidfire\,_enterprise_sds_\&_hci_storage_node
-
brocadefabric_operating_system
-
netapphci_compute_node_firmware
-
debiandebian_linux
9.0
siemenssinec_infrastructure_network_services
𝑥
< 1.0.1.1
appleicloud
𝑥
< 11.5
appleitunes
𝑥
< 12.10.9
appleipados
𝑥
< 14.0
appleiphone_os
𝑥
< 14.0
applemacos
𝑥
< 11.0.1
appletvos
𝑥
< 14.0
applewatchos
𝑥
< 7.0
oraclecommunications_network_charging_and_control
12.0.0 ≤
𝑥
≤ 12.0.3
oraclecommunications_network_charging_and_control
6.0.1
oracleoutside_in_technology
8.5.4
oracleoutside_in_technology
8.5.5
oraclezfs_storage_appliance_kit
8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sqlite3
bullseye
3.34.1-3
fixed
jessie
not-affected
bullseye (security)
3.34.1-3+deb11u1
fixed
bookworm
3.40.1-2
fixed
sid
3.46.1-1
fixed
trixie
3.46.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sqlite
focal
not-affected
eoan
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
sqlite3
focal
Fixed 3.31.1-4ubuntu0.1
released
eoan
Fixed 3.29.0-2ubuntu0.3
released
bionic
Fixed 3.22.0-1ubuntu0.4
released
xenial
Fixed 3.11.0-1ubuntu1.5
released
trusty
not-affected
References