CVE-2020-13632
moderate-risk
Published 2020-05-27
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Do I need to act?
-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (17)
References (22)
Permissions Required
https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Third Party Advisory
https://security.gentoo.org/glsa/202007-26
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200608-0002/
Vendor Advisory
https://sqlite.org/src/info/a4dd148928ea65bd
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Permissions Required
https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Third Party Advisory
https://security.gentoo.org/glsa/202007-26
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200608-0002/
Vendor Advisory
https://sqlite.org/src/info/a4dd148928ea65bd
and 2 more references
37
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
19/34 · Moderate