ALT-PU-2021-1135-1
Closed vulnerabilities
Published: 2021-02-05
BDU:2021-01135
Уязвимость функции SELECT системы управления базами данных SQLite, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.1)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
References:
Published: 2021-03-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-20227
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1924886
- https://bugzilla.redhat.com/show_bug.cgi?id=1924886
- GLSA-202103-04
- GLSA-202103-04
- GLSA-202210-40
- GLSA-202210-40
- https://security.netapp.com/advisory/ntap-20210423-0010/
- https://security.netapp.com/advisory/ntap-20210423-0010/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.sqlite.org/releaselog/3_34_1.html
- https://www.sqlite.org/releaselog/3_34_1.html