CVE-2020-35527
Published: 1 September 2022
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
Notes
| Author | Note |
|---|---|
| rodrigo-zaiden | upstream fix adds a check with the macro IN_RENAME_OBJECT, that started to appear in version 3.25.0 (commit cf8f2895) as IN_RENAME_COLUMN and ended up in its current state in version 3.31.0 (commit e6dc1e5b). Backporting the fix to versions prior to 3.31 seems too risky and would likely introduce regressions. Also, there is a note in the upstream bug link saying that the issue happens "due to the two-size lookaside memory allocator added in version 3.31.0". So, sqlite3 for Ubuntu releases earlier than focal won't be fixed. sqlite source package does not have the vulnerable code. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
sqlite Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| kinetic |
Not vulnerable
(code not present)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
sqlite3 Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| focal |
Released
(3.31.1-4ubuntu0.4)
|
|
| jammy |
Not vulnerable
(3.37.2-2)
|
|
| kinetic |
Not vulnerable
(3.39.2-1)
|
|
| trusty |
Ignored
|
|
| upstream |
Released
(3.32.0)
|
|
| xenial |
Ignored
|
|
|
Patches: upstream: https://www.sqlite.org/src/info/c431b3fd8fd0f6a6 upstream: https://github.com/sqlite/sqlite/commit/0990c415f65d2556a5e4122cbe5727d500411aeb |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |