Description
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
References (11)
Core 11
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202003-16
Patch, Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4298-1/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html
Patch, Vendor Advisory x_refsource_misc
https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
Patch, Vendor Advisory x_refsource_misc
https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
Vendor Advisory x_refsource_misc
https://www.sqlite.org/cgi/src/info/4374860b29383380
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200313-0002/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Scores
CVSS v3
7.5
EPSS
0.0095
EPSS Percentile
76.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (16)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.10
netapp/cloud_backup
oracle/communications_messaging_server
8.1
oracle/communications_network_charging_and_control
6.0.1
oracle/communications_network_charging_and_control
12.0.2
oracle/communications_network_charging_and_control
12.0.0 - 12.0.3
oracle/enterprise_manager_ops_center
12.4.0.0
oracle/hyperion_infrastructure_technology
11.1.2.4
... and 6 more
Published
Feb 21, 2020
Tracked Since
Feb 18, 2026