ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sqlite | Sqlite | * | 3.32.0 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | sqlite-0:3.26.0-11.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | mingw-binutils-0:2.30-3.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | mingw-bzip2-0:1.0.6-14.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | mingw-filesystem-0:104-2.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | mingw-sqlite-0:3.26.0.0-1.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | sqlite-0:3.26.0-11.el8 | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/cephcsi-rhel9:sha256:4c44c079dccf8e9cbf0a1bbf295986fd496aeb0aa23ad8d324302e218f14ba8f | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/cephcsi-rhel9-operator:sha256:8e37db34e54d4427c59b0951d14131ebe97fe9bc4cbdb5a905f2af331775d5f0 | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/mcg-core-rhel9:sha256:3959ddbd5e30450cd65ba2cee8bcbe66fb260d5e17d864d20da1f8532a472f58 | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/mcg-rhel9-operator:sha256:c05fa74e94e489d4cd1e1ac2d222599027a490822e73200505a41edd2d6f34ce | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/ocs-client-console-rhel9:sha256:522337ac4f9d4369db40e1dcfe666923774fd731b35e2a2517827a1325ff81ac | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/ocs-client-rhel9-operator:sha256:b78c75b4a8aa1413dba5af43b4a499c0f2f5d0329bd4a1df7b99bbc856fa273b | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/ocs-metrics-exporter-rhel9:sha256:3e281be3ee1669685cc79a689b0f78c5372ee2595e845e40909389f92a5e372d | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/ocs-rhel9-operator:sha256:692d43c0ab28b5919129f1617b105fd348dd97d37d88dd1d911d61a26eb7601b | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-cli-rhel9:sha256:b9590095f97397c13e1165cbd1e2205debbfb4fb2a1c5e125ca6bda057d8e793 | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-cloudnative-pg-rhel9-operator:sha256:b9c8f6ffca5a91d1184ef803bb4db14770cb35d305feb168412fa3a36c440d10 | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-console-rhel9:sha256:7862c67b17eb6c291db11ecdf6e8c54fac9f2c6b45e816d0b8b79594c70faeaa | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-cosi-sidecar-rhel9:sha256:819edb52f8559427f190f687840a5417de59662fa8bc5129e26e3ed2cf0e0276 | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-csi-addons-rhel9-operator:sha256:a671cbd7e34d7a516f5ffb6bf93f102e35d23ec1a4cc12a941c6a09b889aa77e | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-csi-addons-sidecar-rhel9:sha256:b42362709b1077640f709dcab2e568e73d7c6c2d8cf5a3f4940ef55d0ddce319 | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-multicluster-console-rhel9:sha256:574d464a2208864d3fa810f990148c904c8efda22a8f2c16cecca25a49e4ef3c | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-multicluster-rhel9-operator:sha256:8ccd6c59ff6ee91a618dd839c417988f3856629d7a789dd8b68daa027cafa7de | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-must-gather-rhel9:sha256:c2d5160cf4d8fef47ca7caaf3b03052622cf49d75c6dd3ecd05f06bdc4e2291b | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odf-rhel9-operator:sha256:ff5b515653e8277b6a71153a990fc33e4a6fc10e226d37220438ebf99e7df98a | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/odr-rhel9-operator:sha256:dc5d9c9a06b8c5b0dc347d9b4465e2f26141d4f2be9cf7df36a862e942c3267a | * |
| Red Hat Openshift Data Foundation 4.19 | RedHat | odf4/rook-ceph-rhel9-operator:sha256:3c15da58b7ff718d5dbf00fe344b6fa8d62d023bd18b6f6e708e9613fc95c594 | * |
| Sqlite3 | Ubuntu | bionic | * |
| Sqlite3 | Ubuntu | devel | * |
| Sqlite3 | Ubuntu | eoan | * |
| Sqlite3 | Ubuntu | esm-infra/bionic | * |
| Sqlite3 | Ubuntu | esm-infra/focal | * |
| Sqlite3 | Ubuntu | esm-infra/xenial | * |
| Sqlite3 | Ubuntu | focal | * |
| Sqlite3 | Ubuntu | trusty | * |
| Sqlite3 | Ubuntu | upstream | * |
| Sqlite3 | Ubuntu | xenial | * |
Potential Mitigations
References
- https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
- https://security.gentoo.org/glsa/202007-26
- https://security.netapp.com/advisory/ntap-20200608-0002/
- https://sqlite.org/src/info/a4dd148928ea65bd
- https://usn.ubuntu.com/4394-1/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc
- https://security.gentoo.org/glsa/202007-26
- https://security.netapp.com/advisory/ntap-20200608-0002/
- https://sqlite.org/src/info/a4dd148928ea65bd
- https://usn.ubuntu.com/4394-1/
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html