7.5

CVE-2021-36690

Exploit
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SqliteSqlite Version3.36.0
AppleiPhone OS Version < 16.0
ApplemacOS Version < 13.0
AppletvOS Version < 16.0
ApplewatchOS Version < 9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.9% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/fulldisclosure/2022/Oct/28
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Oct/39
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Oct/41
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Oct/47
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Oct/49
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213446
Third Party Advisory
https://support.apple.com/kb/HT213486
Third Party Advisory
https://support.apple.com/kb/HT213487
Third Party Advisory
https://support.apple.com/kb/HT213488
Third Party Advisory
https://www.sqlite.org/forum/forumpost/718c0a8d17
Patch
Vendor Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2024/09/msg00050.html