CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
23.3%
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
Vendor | Product | Version | CPE |
---|---|---|---|
sqlite | sqlite | * | cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* |
fedoraproject | fedora | 32 | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
canonical | ubuntu_linux | 18.04 | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 19.10 | cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 20.04 | cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
netapp | cloud_backup | - | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:* |
brocade | fabric_operating_system | - | cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:* |
netapp | hci_compute_node_firmware | - | cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:* |
seclists.org/fulldisclosure/2020/Dec/32
seclists.org/fulldisclosure/2020/Nov/19
seclists.org/fulldisclosure/2020/Nov/20
seclists.org/fulldisclosure/2020/Nov/22
bugs.chromium.org/p/chromium/issues/detail?id=1080459
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
lists.debian.org/debian-lts-announce/2020/08/msg00037.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
security.gentoo.org/glsa/202007-26
security.netapp.com/advisory/ntap-20200608-0002/
sqlite.org/src/info/0d69f76f0865f962
support.apple.com/kb/HT211843
support.apple.com/kb/HT211844
support.apple.com/kb/HT211850
support.apple.com/kb/HT211931
support.apple.com/kb/HT211935
support.apple.com/kb/HT211952
usn.ubuntu.com/4394-1/
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2020.html
More
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
23.3%