CVE-2020-13434 - Vulncode-DB

CVE-2020-13434 (NVD)

2020-05-24

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Products	Icloud, Ipados, Iphone_os, Itunes, Macos, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Freebsd, Communications_cloud_native_core_policy, Communications_network_charging_and_control, Outside_in_technology, Sqlite
Type	Integer Overflow or Wraparound (CWE-190)
First patch	- None (likely due to unavailable code)
Links	• https://usn.ubuntu.com/4394-1/ • https://support.apple.com/kb/HT211844 • http://seclists.org/fulldisclosure/2020/Dec/32 • http://seclists.org/fulldisclosure/2020/Nov/19 • https://www.oracle.com/security-alerts/cpuapr2022.html More/Less (17) • http://seclists.org/fulldisclosure/2020/Nov/20 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ • https://support.apple.com/kb/HT211843 • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc • https://support.apple.com/kb/HT211935 • https://security.netapp.com/advisory/ntap-20200528-0004/ • https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html • https://support.apple.com/kb/HT211850 • https://www.oracle.com/security-alerts/cpuApr2021.html • https://www.oracle.com/security-alerts/cpujul2020.html • https://support.apple.com/kb/HT211952 • https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html • https://security.gentoo.org/glsa/202007-26 • https://www.sqlite.org/src/info/d08d3405878d394e • https://www.sqlite.org/src/info/23439ea582241138 • https://support.apple.com/kb/HT211931 • http://seclists.org/fulldisclosure/2020/Nov/22