CVE-2020-13630
HIGH | Platform: macOS | Changelog
CVE Details
Description
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 7.0 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://seclists.org/fulldisclosure/2020/Dec/32 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Nov/19 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Nov/20 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Nov/22 (Mailing List, Third Party Advisory)
- https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 (Permissions Required, Third Party Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/