CVE-2020-35527
Publication date 1 September 2022
Last updated 24 July 2024
Ubuntu priority
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| sqlite | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| sqlite3 | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Fixed 3.31.1-4ubuntu0.4
|
|
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Ignored |
Notes
rodrigo-zaiden
upstream fix adds a check with the macro IN_RENAME_OBJECT, that started to appear in version 3.25.0 (commit cf8f2895) as IN_RENAME_COLUMN and ended up in its current state in version 3.31.0 (commit e6dc1e5b). Backporting the fix to versions prior to 3.31 seems too risky and would likely introduce regressions. Also, there is a note in the upstream bug link saying that the issue happens "due to the two-size lookaside memory allocator added in version 3.31.0". So, sqlite3 for Ubuntu releases earlier than focal won't be fixed. sqlite source package does not have the vulnerable code.
Patch details
| Package | Patch details |
|---|---|
| sqlite3 |
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5615-1
- SQLite vulnerabilities
- 15 September 2022