#VU25861 NULL pointer dereference


Published: 2020-03-10 | Updated: 2020-05-24

Vulnerability identifier: #VU25861

Vulnerability risk: Low

CVE-ID: CVE-2020-9327

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SQLite
Server applications / Database software

Vendor: SQLite

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the isAuxiliaryVtabOperator function of SQLite 3.31.1: because of generated column optimizations, attackers can trigger a NULL pointer dereference and a segmentation fault. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

SQLite: 3.31.1


External links
http://www.sqlite.org/cgi/src/info/4374860b29383380
http://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
http://www.sqlite.org/cgi/src/info/abc473fb8fb99900

