CVE-2020-9327

Published: 21 February 2020

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Priority

Medium

CVSS 3 Severity Score

7.5

Status

Package: sqlite3 (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Released (3.22.0-1ubuntu0.3)
eoan      Released (3.29.0-2ubuntu0.2)
trusty    Not vulnerable (code not present)
upstream  Released (3.31.1-3)
xenial    Not vulnerable (code not present)

Patches:
upstream: https://www.sqlite.org/cgi/src/info/4374860b29383380
upstream: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
upstream: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
upstream: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
upstream: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H