Home

CVE-2020-13630

Description

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Risk Information

Base Score
7.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.076

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Apple iTunes (X64) (12.10.9.3)Windows
Multiple vulnerabilities fixed in Apple iTunes (12.10.9.3)Windows
Multiple vulnerabilities fixed in iCloud 11.5Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.10.8Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.10.8Windows
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.10.8Mac
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.11.0-1ubuntu1.5_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.11.0-1ubuntu1.5_amd64.debLinux
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.22.0-1ubuntu0.4_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.22.0-1ubuntu0.4_amd64.debLinux
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.29.0-2ubuntu0.3_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.29.0-2ubuntu0.3_amd64.debLinux
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.31.1-4ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) sqlite3_3.31.1-4ubuntu0.1_amd64.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.11.0-1ubuntu1.5_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.11.0-1ubuntu1.5_amd64.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.22.0-1ubuntu0.4_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.22.0-1ubuntu0.4_amd64.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.29.0-2ubuntu0.3_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.29.0-2ubuntu0.3_amd64.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.31.1-4ubuntu0.1_i386.debLinux
C library that implements an SQL database engine (USN-4394-1) libsqlite3-0_3.31.1-4ubuntu0.1_amd64.debLinux
(RHSA-2020:4442) sqlite security update lemon-3.26.0-11.el8.x86_64.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-3.26.0-11.el8.i686.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-3.26.0-11.el8.x86_64.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-debugsource-3.26.0-11.el8.i686.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-debugsource-3.26.0-11.el8.x86_64.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-devel-3.26.0-11.el8.i686.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-devel-3.26.0-11.el8.x86_64.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-doc-3.26.0-11.el8.noarch.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-libs-3.26.0-11.el8.i686.rpmLinux
(RHSA-2020:4442) sqlite security update sqlite-libs-3.26.0-11.el8.x86_64.rpmLinux
Use After Free Vulnerability (CVE-2020-13630)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-316017Apple iTunes (X64) (12.10.9.3)
PATCH-316016Apple iTunes (12.10.9.3)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234