[ASA-202006-11] sqlite: arbitrary code execution
foxboron at archlinux.org
Tue Jun 30 20:32:26 UTC 2020
Arch Linux Security Advisory ASA-202006-11
Date : 2020-06-28
CVE-ID : CVE-2020-13871
Package : sqlite
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1182
The package sqlite before version 3.32.3-1 is vulnerable to arbitrary
Upgrade to 3.32.3-1.
# pacman -Syu "sqlite>=3.32.3-1"
The problem has been fixed upstream in version 3.32.3.
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c
because the parse tree rewrite for window functions is too late.
An attacker might be able to crash the application or execute arbitrary
code by running a crafted query.
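
To confirm the upgrade took effect, the following check classifies a `pacman -Q` output line against the fixed release 3.32.3-1. It is an added example, not part of the original advisory; the function names `ver_lt` and `classify` and the `sort -V` fallback are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an installed sqlite package against the fixed
# release named in ASA-202006-11 (3.32.3-1).
FIXED="3.32.3-1"

# ver_lt A B: succeed when version A sorts before version B.
# Uses pacman's vercmp when available; otherwise falls back to sort -V
# (an assumption that is adequate for plain pkgver-pkgrel strings).
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# classify "<name> <version>": takes one line of `pacman -Q` output and
# prints vulnerable, fixed, or not-applicable (other package or empty line).
classify() {
    set -- $1
    if [ "${1:-}" != "sqlite" ] || [ -z "${2:-}" ]; then
        echo "not-applicable"
    elif ver_lt "$2" "$FIXED"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Check the local system only when pacman is present.
if command -v pacman >/dev/null 2>&1; then
    echo "sqlite: $(classify "$(pacman -Q sqlite 2>/dev/null || true)")"
fi
```

The same `classify` function can be fed `pacman -Q sqlite` lines collected from several hosts to list the ones still below 3.32.3-1.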