A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1924886 | Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/202103-04 | Third Party Advisory |
https://security.gentoo.org/glsa/202210-40 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210423-0010/ | Third Party Advisory |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
https://www.sqlite.org/releaselog/3_34_1.html | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
16 Nov 2022, 18:58
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-40 - Third Party Advisory |
31 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Dec 2021, 17:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jun 2021, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jun 2021, 15:13
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202103-04 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210423-0010/ - Third Party Advisory |
23 Apr 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Mar 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2021, 19:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://www.sqlite.org/releaselog/3_34_1.html - Release Notes, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1924886 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* |
23 Mar 2021, 17:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
New CVE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
Information
Published : 2021-03-23 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-20227
Mitre link : CVE-2021-20227
CVE.ORG link : CVE-2021-20227
JSON object : View
Products Affected
oracle
- zfs_storage_appliance_kit
- communications_network_charging_and_control
- outside_in_technology
- enterprise_manager_for_oracle_database
- jd_edwards_enterpriseone_tools
- mysql_workbench
sqlite
- sqlite
CWE
CWE-416
Use After Free