CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
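
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
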
EPSS Score percentile: 44%

| Vendor | Product | Version |
|---|---|---|
| sqlite | sqlite | 3.33.0 ≤ 𝑥 < 3.34.1 |
| oracle | communications_network_charging_and_control | 12.0.1.0 ≤ 𝑥 ≤ 12.0.4.0.0 |
| oracle | communications_network_charging_and_control | 6.0.1 |
| oracle | enterprise_manager_for_oracle_database | 13.4.0.0 |
| oracle | jd_edwards_enterpriseone_tools | 𝑥 < 9.2.6.0 |
| oracle | mysql_workbench | 𝑥 ≤ 8.0.26 |
| oracle | outside_in_technology | 8.5.5 |
| oracle | zfs_storage_appliance_kit | 8.8 |

𝑥 = Vulnerable software versions

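Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| sqlite3 | bullseye | 3.34.1-3 | fixed |
| sqlite3 | buster | | not-affected |
| sqlite3 | stretch | | not-affected |
| sqlite3 | bullseye (security) | 3.34.1-3+deb11u1 | fixed |
| sqlite3 | bookworm | 3.40.1-2 | fixed |
| sqlite3 | sid | 3.46.1-1 | fixed |
| sqlite3 | trixie | 3.46.1-1 | fixed |
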
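Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| sqlite | groovy | | not-affected |
| sqlite | focal | | not-affected |
| sqlite | bionic | | not-affected |
| sqlite | xenial | | not-affected |
| sqlite | trusty | | not-affected |
| sqlite3 | groovy | Fixed 3.33.0-1ubuntu0.1 | released |
| sqlite3 | focal | | not-affected |
| sqlite3 | bionic | | not-affected |
| sqlite3 | xenial | | not-affected |
| sqlite3 | trusty | | not-affected |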