CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.01 Low
  Percentile: 83.2%

Severity: High
Date : 2020-06-28
CVE-ID : CVE-2020-13871
Package : sqlite
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1182

Summary

The package sqlite before version 3.32.3-1 is vulnerable to arbitrary code execution.

Resolution

Upgrade to 3.32.3-1.
The problem has been fixed upstream in version 3.32.3.

Workaround

None.

Description

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

Impact

An attacker might be able to crash the application or execute arbitrary code by running a crafted query.

References

https://www.sqlite.org/src/info/c8d3b9f0a750a529
https://www.sqlite.org/src/info/cd708fa84d2aaaea
https://www.sqlite.org/src/info/44a58d6cb135a104
https://security.archlinux.org/CVE-2020-13871