CVE-2020-9327

Priority
Description
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a
NULL pointer dereference and segmentation fault because of generated column
optimizations.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (3.31.1-3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.22.0-1ubuntu0.3)
Ubuntu 19.10 (Eoan Ermine):released (3.29.0-2ubuntu0.2)
Ubuntu 20.04 (Focal Fossa):not-affected (3.31.1-3)
Patches:
Upstream:https://www.sqlite.org/cgi/src/info/4374860b29383380
Upstream:https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
Upstream:https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
Upstream:https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
Upstream:https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
More Information

Updated: 2020-03-18 22:55:14 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)