Lucene search

[email protected]NVD:CVE-2021-20227

HistoryMar 23, 2021 - 5:15 p.m.

CVE-2021-20227

2021-03-2317:15:13

CWE-416

[email protected]

web.nvd.nist.gov

sqlite

select query

use-after-free

denial of service

code execution

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

29.4%

JSON

A flaw was found in SQLite’s SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

Affected configurations

Nvd

Node

sqlitesqliteRange3.33.0–3.34.1

Node

oraclecommunications_network_charging_and_controlRange12.0.1.0–12.0.4.0.0

oraclecommunications_network_charging_and_controlMatch6.0.1

oracleenterprise_manager_for_oracle_databaseMatch13.4.0.0

oraclejd_edwards_enterpriseone_toolsRange<9.2.6.0

oraclemysql_workbenchRange≤8.0.26

oracleoutside_in_technologyMatch8.5.5

oraclezfs_storage_appliance_kitMatch8.8

VendorProductVersionCPE
sqlitesqlite*cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
oraclecommunications_network_charging_and_control*cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
oraclecommunications_network_charging_and_control6.0.1cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
oracleenterprise_manager_for_oracle_database13.4.0.0cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.4.0.0:*:*:*:*:*:*:*
oraclejd_edwards_enterpriseone_tools*cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oraclemysql_workbench*cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
oracleoutside_in_technology8.5.5cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
oraclezfs_storage_appliance_kit8.8cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sqlite	sqlite	*	cpe:2.3:a:sqlite:sqlite::::::::
oracle	communications_network_charging_and_control	*	cpe:2.3:a:oracle:communications_network_charging_and_control::::::::
oracle	communications_network_charging_and_control	6.0.1	cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:::::::*
oracle	enterprise_manager_for_oracle_database	13.4.0.0	cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.4.0.0:::::::*
oracle	jd_edwards_enterpriseone_tools	*	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
oracle	mysql_workbench	*	cpe:2.3:a:oracle:mysql_workbench::::::::
oracle	outside_in_technology	8.5.5	cpe:2.3:a:oracle:outside_in_technology:8.5.5:::::::*
oracle	zfs_storage_appliance_kit	8.8	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*