Skip to main content

Sqlite CVE-2020-13434

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2020-05-24 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 24, 2020 - 22:15 nvd
MEDIUM 5.5

DescriptionNVD

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

AnalysisAI

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Affected products include: Sqlite, Debian Debian Linux, Fedoraproject Fedora, Canonical Ubuntu Linux, Freebsd. Version information: through 3.32.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Sqlite

View all
CVE-2015-5895 CRITICAL POC
10.0 Sep 18

Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and a

CVE-2017-10989 CRITICAL
9.8 Jul 07

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles u

CVE-2025-6965 HIGH POC
7.2 Jul 15

Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggr

CVE-2019-5018 HIGH POC
8.1 May 10

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. Rated high se

CVE-2018-20346 HIGH POC
8.1 Dec 21

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow)

CVE-2017-15286 HIGH POC
7.5 Oct 12

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases wh

CVE-2022-35737 HIGH POC
7.5 Aug 03

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a

CVE-2021-36690 HIGH POC
7.5 Aug 24

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo functi

CVE-2020-13871 HIGH POC
7.5 Jun 06

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions i

CVE-2020-11655 HIGH POC
7.5 Apr 09

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function

CVE-2023-7104 HIGH POC
7.3 Dec 29

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Hand

CVE-2022-46908 HIGH POC
7.3 Dec 12

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the

Share

CVE-2020-13434 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy