5.5
CVE-2021-20227
- EPSS 0.21%
- Published 23.03.2021 17:15:13
- Last modified 21.11.2024 05:46:10
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Communications Network Charging And Control Version >= 12.0.1.0 <= 12.0.4.0.0
Oracle ≫ Communications Network Charging And Control Version6.0.1
Oracle ≫ Enterprise Manager For Oracle Database Version13.4.0.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.6.0
Oracle ≫ Mysql Workbench Version <= 8.0.26
Oracle ≫ Outside In Technology Version8.5.5
Oracle ≫ Zfs Storage Appliance Kit Version8.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.44 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.