In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch Third Party Advisory |
https://security.gentoo.org/glsa/202003-16 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200313-0002/ | Third Party Advisory |
https://usn.ubuntu.com/4298-1/ | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2020.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | Patch Third Party Advisory |
https://www.sqlite.org/cgi/src/info/4374860b29383380 | Vendor Advisory |
https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e | Patch Vendor Advisory |
https://www.sqlite.org/cgi/src/info/abc473fb8fb99900 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
08 Apr 2022, 10:33
Type | Values Removed | Values Added |
---|---|---|
First Time |
Siemens
Oracle outside In Technology Oracle Oracle hyperion Infrastructure Technology Oracle mysql Workbench Canonical ubuntu Linux Netapp Oracle enterprise Manager Ops Center Canonical Oracle communications Network Charging And Control Netapp cloud Backup Siemens sinec Infrastructure Network Services Oracle communications Messaging Server Oracle zfs Storage Appliance Kit |
|
CPE | cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:* |
|
References | (MISC) https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e - Patch, Vendor Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202003-16 - Third Party Advisory | |
References | (MISC) https://www.sqlite.org/cgi/src/info/abc473fb8fb99900 - Patch, Vendor Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4298-1/ - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200313-0002/ - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-02-21 22:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-9327
Mitre link : CVE-2020-9327
CVE.ORG link : CVE-2020-9327
JSON object : View
Products Affected
sqlite
- sqlite
oracle
- zfs_storage_appliance_kit
- enterprise_manager_ops_center
- hyperion_infrastructure_technology
- communications_messaging_server
- communications_network_charging_and_control
- outside_in_technology
- mysql_workbench
siemens
- sinec_infrastructure_network_services
netapp
- cloud_backup
canonical
- ubuntu_linux
CWE
CWE-476
NULL Pointer Dereference