{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-08T14:08:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-202003-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-16"}, {"name": "USN-4298-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4298-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sqlite.org/cgi/src/info/4374860b29383380"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200313-0002/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9327", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-202003-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-16"}, {"name": "USN-4298-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4298-1/"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e", "refsource": "MISC", "url": "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e"}, {"name": "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900", "refsource": "MISC", "url": "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900"}, {"name": "https://www.sqlite.org/cgi/src/info/4374860b29383380", "refsource": "MISC", "url": "https://www.sqlite.org/cgi/src/info/4374860b29383380"}, {"name": "https://security.netapp.com/advisory/ntap-20200313-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200313-0002/"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:16.084Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-202003-16", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-16"}, {"name": "USN-4298-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4298-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sqlite.org/cgi/src/info/4374860b29383380"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200313-0002/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9327", "datePublished": "2020-02-21T21:25:14", "dateReserved": "2020-02-21T00:00:00", "dateUpdated": "2024-08-04T10:26:16.084Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sqlite:sqlite:3.31.1:*:*:*:*:*:*:*", "matchCriteriaId": "1051CFB3-05F7-4B95-A816-C88C78A825CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", "versionEndIncluding": "12.0.3", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FE8EE20-EDB0-468B-9441-8BB2C58C13A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DED59B62-C9BF-4C0E-B351-3884E8441655", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E93384A-B962-4692-8735-2DA55A2969A2", "versionEndIncluding": "8.0.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "72F1A960-EBA5-4BDB-B629-20F0D2384562", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "3198F822-43F8-4CB3-97F7-C2982FDA5CBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations."}, {"lang": "es", "value": "En SQLite versi\u00f3n 3.31.1, la funci\u00f3n  isAuxiliaryVtabOperator permite a atacantes desencadenar una desreferencia del puntero NULL y un fallo de segmentaci\u00f3n debido a las optimizaciones de columna generadas."}], "id": "CVE-2020-9327", "lastModified": "2024-11-21T05:40:25.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-21T22:15:10.803", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-16"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200313-0002/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://usn.ubuntu.com/4298-1/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.sqlite.org/cgi/src/info/4374860b29383380"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200313-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://usn.ubuntu.com/4298-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sqlite.org/cgi/src/info/4374860b29383380"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.sqlite.org/cgi/src/info/abc473fb8fb99900"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4442", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "sqlite-0:3.26.0-11.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4442", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "sqlite-0:3.26.0-11.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations", "id": "1809315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809315"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.", "A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to execute SQL statements can use this flaw to crash the application."], "name": "CVE-2020-9327", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-02-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-9327\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9327"], "threat_severity": "Moderate"}