Bug 2122324 (CVE-2020-35525)
Summary: | CVE-2020-35525 sqlite: Null pointer derreference in src/select.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | adudiak, alex, alexfails, bdettelb, caswilli, databases-maint, dffrench, drizt72, erik-fedora, fedora, fjansen, gzaronik, jburrell, jkoehler, jwong, kaycoth, kde-sig, kevin, kshier, mmuzila, mschorm, ngough, odubaj, pkubat, praiskup, rdieter, rgodfrey, rh-spice-bugs, rjones, spotrh, tcarlin, tkasparek, vitaly, wilmer5, zmiklank |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sqlite-3.34.1-5.el9 | Doc Type: | If docs needed, set a value |
Doc Text: |
A NULL pointer dereference flaw was found in select.c of SQLite. An out-of-memory error occurs while an early out on the INTERSECT query is processing. This flaw allows an attacker to execute a potential NULL pointer dereference.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-30 15:28:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2122475, 2122474, 2122476, 2122477, 2122478, 2122479, 2122480, 2122481, 2122482, 2124836, 2124837 | ||
Bug Blocks: | 2122330 |
Description
Pedro Sampaio
2022-08-29 19:02:55 UTC
Created mingw-sqlite tracking bugs for this issue: Affects: fedora-all [bug 2122477] Created qt5-qtwebengine tracking bugs for this issue: Affects: epel-all [bug 2122475] Affects: fedora-all [bug 2122478] Created sqlite tracking bugs for this issue: Affects: fedora-all [bug 2122474] Created sqlite2 tracking bugs for this issue: Affects: epel-all [bug 2122476] Affects: fedora-all [bug 2122479] Created tdlib tracking bugs for this issue: Affects: fedora-all [bug 2122480] In reply to comment #5: > Unknown CVE ID CVE-2020-35525 > > https://www.cvedetails.com/cve-details.php?cve_id=CVE-2020-35525 Not sure what to respond here. Please check: https://nvd.nist.gov/vuln/detail/CVE-2020-35525 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7108 https://access.redhat.com/errata/RHSA-2022:7108 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-35525 |