Vulnerability Name:

CVE-2020-13435 (CCN-182406)

Assigned:2020-05-23
Published:2020-05-23
Updated:2021-06-14
Summary:SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.0 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-476
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-13435

Source: FULLDISC
Type: UNKNOWN
20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1

Source: FULLDISC
Type: UNKNOWN
20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0

Source: FULLDISC
Type: UNKNOWN
20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

Source: FULLDISC
Type: UNKNOWN
20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0

Source: XF
Type: UNKNOWN
sqllite-cve202013435-dos(182406)

Source: FEDORA
Type: Third Party Advisory
FEDORA-2020-0477f8840e

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-20:22

Source: GENTOO
Type: UNKNOWN
GLSA-202007-26

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200528-0004/

Source: CCN
Type: Apple security document HT211931
About the security content of macOS Big Sur 11.0.1

Source: CCN
Type: Apple security document HT211935
About the security content of iCloud for Windows 11.5

Source: CCN
Type: Apple security document HT211952
About the security content of iTunes 12.10.9 for Windows

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT211843

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT211844

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT211850

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT211931

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT211935

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT211952

Source: UBUNTU
Type: UNKNOWN
USN-4394-1

Source: CCN
Type: IBM Security Bulletin 6250935 (Watson Machine Learning Community Edition)
WML CE: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Source: CCN
Type: IBM Security Bulletin 6410788 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6430565 (MaaS360 Cloud Extender)
A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-13434, CVE-2020-13435)

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6590981 (QRadar Data Synchronization App)
IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6856409 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: MISC
Type: UNKNOWN
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: UNKNOWN
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: SQLite Web site
Segfault in sqlite3ExprCodeTarget

Source: MISC
Type: Exploit, Patch, Vendor Advisory
https://www.sqlite.org/src/info/7a5279a25c57adf1

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-13435

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sqlite:sqlite:*:*:*:*:*:*:*:* (Version <= 3.32.0)

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sqlite:sqlite:3.32.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:watson_machine_learning:1.6.2:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_machine_learning:1.7.0:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7675
    P
    libsqlite3-0-3.39.3-150000.3.20.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:51964
    P
    Security update for libarchive (Low)
    2022-11-23
    oval:org.opensuse.security:def:740
    P
    Security update for icu (Moderate)
    2022-09-07
    oval:org.opensuse.security:def:3641
    P
    Security update for ncurses (Moderate) (in QA)
    2022-07-18
    oval:org.opensuse.security:def:6091
    P
    Security update for rsyslog (Important)
    2022-07-06
    oval:org.opensuse.security:def:3455
    P
    coolkey-1.1.0-148.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3083
    P
    gnome-keyring-3.20.0-28.3.18 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94713
    P
    libsqlite3-0-3.36.0-3.12.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94567
    P
    gnutls-3.7.3-150400.2.12 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95318
    P
    Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important)
    2022-05-16
    oval:org.opensuse.security:def:102031
    P
    Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP3) (Important)
    2022-03-29
    oval:org.opensuse.security:def:112849
    P
    libsqlite3-0-3.36.0-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:99502
    P
    (Important)
    2022-01-17
    oval:org.opensuse.security:def:99701
    P
    (Moderate)
    2021-12-06
    oval:com.redhat.rhsa:def:20214396
    P
    RHSA-2021:4396: sqlite security update (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:100010
    P
    (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:106312
    P
    libsqlite3-0-3.36.0-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:31687
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:59803
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:89200
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:23681
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:55953
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:84673
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:33980
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:30130
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:58018
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:87478
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:125609
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:51669
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:83337
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:32195
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:60373
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:89458
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:23976
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:56073
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:85743
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:34550
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:30250
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:58837
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:88196
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:126776
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:83457
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:33014
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:26137
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:57102
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:86151
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:5124
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:31279
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:59545
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:88512
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:127173
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:55250
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:84215
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:33722
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:29427
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:57510
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:86659
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:82634
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:93102
    P
    (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:101280
    P
    libtdsodbc0-1.1.36-3.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:110972
    P
    Security update for sqlite3 (Important)
    2021-07-19
    oval:org.opensuse.security:def:69693
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:94389
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:73666
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:93255
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:42100
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:8805
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:91966
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:99658
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:66859
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:99303
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:93752
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:9752
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:92751
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:101471
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:5770
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:69892
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:73852
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:93098
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:9000
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:92161
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:99972
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:67180
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:107946
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:93966
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:10117
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:92949
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:70257
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:64544
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:98916
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:75927
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:93416
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:9363
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:92353
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:100308
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:69503
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:108697
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:94178
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:10303
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:8619
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:70443
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:99395
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:64730
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:99111
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:117461
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:111619
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:76248
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:93572
    P
    (Important)
    2021-07-14
    oval:org.opensuse.security:def:9553
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:92552
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:100636
    P
    (Important)
    2021-07-14
    BACK
    sqlite sqlite *
    fedoraproject fedora 32
    sqlite sqlite 3.32.0
    ibm watson machine learning 1.6.2
    ibm data risk manager 2.0.6
    ibm watson machine learning 1.7.0
    ibm cloud pak for security 1.7.2.0
    ibm cloud pak for security 1.10.0.0
    ibm cloud pak for security 1.10.6.0