CVE-2020-13434

moderate-risk

Published 2020-05-24

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Sqlite

Debian Linux

Fedora

Ubuntu Linux

Freebsd

Freebsd Debian Apple Oracle Canonical Fedoraproject Sqlite

Mailing List http://seclists.org/fulldisclosure/2020/Dec/32

Mailing List http://seclists.org/fulldisclosure/2020/Nov/19

Mailing List http://seclists.org/fulldisclosure/2020/Nov/20

Mailing List http://seclists.org/fulldisclosure/2020/Nov/22

Mailing List https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html

Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc

Third Party Advisory https://security.gentoo.org/glsa/202007-26

Third Party Advisory https://security.netapp.com/advisory/ntap-20200528-0004/

Third Party Advisory https://support.apple.com/kb/HT211843

Third Party Advisory https://support.apple.com/kb/HT211844

Third Party Advisory https://support.apple.com/kb/HT211850

Third Party Advisory https://support.apple.com/kb/HT211931

Third Party Advisory https://support.apple.com/kb/HT211935

Third Party Advisory https://support.apple.com/kb/HT211952

Third Party Advisory https://usn.ubuntu.com/4394-1/

Patch https://www.oracle.com/security-alerts/cpuApr2021.html

Patch https://www.oracle.com/security-alerts/cpuapr2022.html

Patch https://www.oracle.com/security-alerts/cpujul2020.html

and 24 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 25/34 · High