Insecure Token

2022-08-3014:22:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode “control-characters” (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.

CPENameOperatorVersion
sqlite3:bullseyeeq3.33.0-1
sqlite3:sideq3.33.0-1
sqlite3:focaleq3.31.1-4ubuntu0.2
sqlite3:bustereq3.27.2-3+deb10u1
sqlite3:bullseyeeq3.33.0-1
sqlite3:sideq3.33.0-1
sqlite3:focaleq3.31.1-4ubuntu0.2
sqlite3:bustereq3.27.2-3+deb10u1

Name	Operator	Version
sqlite3:bullseye	eq	3.33.0-1
sqlite3:sid	eq	3.33.0-1
sqlite3:focal	eq	3.31.1-4ubuntu0.2
sqlite3:buster	eq	3.27.2-3+deb10u1
sqlite3:bullseye	eq	3.33.0-1
sqlite3:sid	eq	3.33.0-1
sqlite3:focal	eq	3.31.1-4ubuntu0.2
sqlite3:buster	eq	3.27.2-3+deb10u1