CVE-2020-13632

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-13632
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 Permissions Required Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc Mitigation Third Party Advisory
https://security.gentoo.org/glsa/202007-26 Third Party Advisory
https://security.netapp.com/advisory/ntap-20200608-0002/ Third Party Advisory
https://sqlite.org/src/info/a4dd148928ea65bd Vendor Advisory
https://usn.ubuntu.com/4394-1/ Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

Configuration 9 (hide)

OR cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
History

07 Nov 2023, 03:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/', 'name': 'FEDORA-2020-0477f8840e', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ -

13 May 2022, 20:56

Type Values Removed Values Added
First Time Siemens
Canonical
Brocade fabric Operating System
Debian debian Linux
Oracle outside In Technology
Netapp
Netapp solidfire\, Enterprise Sds \& Hci Storage Node
Brocade
Oracle communications Network Charging And Control
Siemens sinec Infrastructure Network Services
Netapp cloud Backup
Debian
Oracle zfs Storage Appliance Kit
Canonical ubuntu Linux
Netapp hci Compute Node
Oracle
Netapp hci Compute Node Firmware
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ - Third Party Advisory (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ - Mailing List, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory
References (FREEBSD) https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc - (FREEBSD) https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc - Mitigation, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4394-1/ - (UBUNTU) https://usn.ubuntu.com/4394-1/ - Patch, Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202007-26 - (GENTOO) https://security.gentoo.org/glsa/202007-26 - Third Party Advisory
CPE cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

10 Mar 2022, 17:41

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf -
Information

Published : 2020-05-27 15:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-13632

Mitre link : CVE-2020-13632

CVE.ORG link : CVE-2020-13632

JSON object : View

Products Affected

netapp

  • hci_compute_node_firmware
  • cloud_backup
  • solidfire\,_enterprise_sds_\&_hci_storage_node
  • hci_compute_node

oracle

  • outside_in_technology
  • communications_network_charging_and_control
  • zfs_storage_appliance_kit

brocade

  • fabric_operating_system

debian

  • debian_linux

canonical

  • ubuntu_linux

siemens

  • sinec_infrastructure_network_services

sqlite

  • sqlite

fedoraproject

  • fedora
CWE
CWE-476

NULL Pointer Dereference