CVE-2020-13630
HIGHSQLite < 3.32.0 - Use-After-Free in FTS3 Snippet Feature
Title source: llmDescription
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
References (21)
Core 21
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
Patch, Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4394-1/
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html
Permissions Required, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
Patch, Vendor Advisory x_refsource_misc
https://sqlite.org/src/info/0d69f76f0865f962
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200608-0002/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202007-26
Mitigation, Third Party Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
Release Notes, Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT211843
Release Notes, Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT211850
Release Notes, Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT211844
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Release Notes, Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT211931
Release Notes, Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT211952
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/22
Release Notes, Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT211935
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/32
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Scores
CVSS v3
7.0
EPSS
0.0009
EPSS Percentile
24.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (24)
apple/icloud
< 11.5
apple/ipados
< 14.0
apple/iphone_os
< 14.0
apple/itunes
< 12.10.9
apple/macos
< 11.0.1
apple/tvos
< 14.0
apple/watchos
< 7.0
brocade/fabric_operating_system
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
... and 14 more
Published
May 27, 2020
Tracked Since
Feb 18, 2026