CVE-2020-13631 Information

Feb 14, 2021 cve

Description

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables related to alter.c and build.c.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200608-0002/ https://sqlite.org/src/info/eca0ba2cf4c0fdf7 https://support.apple.com/kb/HT211931 https://usn.ubuntu.com/4394-1/ https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.5

Share on: